CVE-2024-41746

7.2 HIGH

📋 TL;DR

IBM CICS TX Advanced and Standard are vulnerable to stored cross-site scripting (XSS) that allows authenticated users to inject malicious JavaScript into the Web UI. This can lead to session hijacking or credential theft when other users view the compromised interface. Affected versions include CICS TX Advanced 10.1, 11.1 and Standard 11.1.

💻 Affected Systems

Products:
  • IBM CICS TX Advanced
  • IBM CICS TX Standard
Versions: Advanced 10.1, Advanced 11.1, Standard 11.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Web UI for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, gain full system access, and compromise sensitive data or execute unauthorized transactions.

🟠 Likely Case

Attackers steal user session cookies or credentials, leading to unauthorized access to business applications and potential data exfiltration.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, though some UI manipulation may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of the Web UI interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7171873

Restart Required: No

Instructions:

1. Review the IBM advisory for the specific interim fixes.
2. Apply the recommended fix for your version.
3. Verify the fix by testing XSS payloads in the Web UI.

🔧 Temporary Workarounds

Input Validation and Output Encoding (applies to: all)

Validate user input server-side and apply context-appropriate output encoding to all user-supplied data rendered in the Web UI.

Content Security Policy (applies to: all)

Deploy a strict Content Security Policy to restrict which scripts the browser will execute.

🧯 If You Can't Patch

  • Restrict Web UI access to trusted users only using network segmentation and authentication controls.
  • Implement web application firewall rules to detect and block XSS payloads.

🔍 How to Verify

Check if Vulnerable:

Test by attempting to inject basic XSS payloads (e.g., <script>alert('test')</script>) into Web UI input fields and check whether they execute when the affected page is viewed.

Check Version:

Check CICS TX version via administrative console or product documentation.

Verify Fix Applied:

Retest XSS payloads after applying patches; they should be properly sanitized and not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript or HTML patterns in Web UI access logs
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • HTTP requests containing suspicious script tags or JavaScript code to CICS TX endpoints

SIEM Query:

source="cics_tx_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
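As an added example, not part of this advisory or of IBM's tooling, the following script applies the same indicators as the SIEM query above to access-log lines, and goes one step further by percent-decoding the request path first so URL-encoded payloads (which the raw string match would miss) are also flagged. The log lines and the `/cicstx/webui/` path are constructed placeholders, not real CICS TX endpoints.

```python
import re
from urllib.parse import unquote_plus

# Indicators from the SIEM query above; case-insensitive, and tolerant of
# whitespace around "=" in event-handler attributes.
XSS_PATTERNS = re.compile(r"<script\b|javascript:|onerror\s*=|onload\s*=", re.IGNORECASE)

# Constructed sample access-log lines (Apache combined-style) for illustration.
# "/cicstx/webui/" is a placeholder path, not a real CICS TX endpoint.
SAMPLE_LOGS = [
    '10.0.0.5 - admin [01/Jan/2025:10:00:00 +0000] "GET /cicstx/webui/regions?name=PROD HTTP/1.1" 200 512',
    '10.0.0.7 - alice [01/Jan/2025:10:01:00 +0000] "POST /cicstx/webui/transactions?desc=<script>alert(1)</script> HTTP/1.1" 200 128',
    '10.0.0.9 - bob [01/Jan/2025:10:02:00 +0000] "POST /cicstx/webui/transactions?desc=%3Cimg%20src%3Dx%20onerror%3Dalert%281%29%3E HTTP/1.1" 200 128',
    '10.0.0.5 - admin [01/Jan/2025:10:03:00 +0000] "GET /cicstx/webui/help?topic=javascript HTTP/1.1" 200 2048',
]

# Minimal parser for the combined log format: client IP, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_xss_indicators(lines):
    """Return one record per log line whose (decoded) request path carries an XSS indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Decode percent-encoding so "%3Cscript%3E"-style payloads are not missed.
        decoded = unquote_plus(m.group("path"))
        match = XSS_PATTERNS.search(decoded)
        if match:
            hits.append({
                "user": m.group("user"),
                "ip": m.group("ip"),
                "path": m.group("path"),
                "indicator": match.group(0).lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in find_xss_indicators(SAMPLE_LOGS):
        print(hit)
```

Note that the fourth sample line (`topic=javascript`, with no colon) is deliberately not flagged, showing the indicators match the scheme prefix rather than any occurrence of the word.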
