VAR-201406-0327
Vulnerability from variot - Updated: 2025-04-13 23:14IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream. IBM CICS Transaction Server is a transaction processing server that runs primarily on IBM System z mainframes based on IBM z/OS. An unspecified security vulnerability exists in IBM CICS Transaction Server. Little is known about this issue or its effects at this time. We will update this BID as more information emerges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cics transaction server",
"scope": "eq",
"trust": 2.2,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "cics transaction server",
"scope": "eq",
"trust": 2.2,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "cics transaction server",
"scope": "eq",
"trust": 2.2,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "cics transaction server",
"scope": "eq",
"trust": 2.2,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "cics transaction server",
"scope": "eq",
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "cics transaction server for z/os",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "cics transaction server for z/os",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "cics transaction server for z/os",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "cics transaction server for z/os",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "cics transaction server for z/os",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "cics transaction server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "BID",
"id": "67944"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ibm:cics_transaction_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM",
"sources": [
{
"db": "BID",
"id": "67944"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3042",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2014-3042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2014-03649",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3042",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3042",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03649",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-169",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream. IBM CICS Transaction Server is a transaction processing server that runs primarily on IBM System z mainframes based on IBM z/OS. An unspecified security vulnerability exists in IBM CICS Transaction Server. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3042"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "BID",
"id": "67944"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3042",
"trust": 3.3
},
{
"db": "BID",
"id": "67944",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "59242",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-03649",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "PI16726",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "PI16727",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "PI16710",
"trust": 0.6
},
{
"db": "XF",
"id": "93338",
"trust": 0.6
},
{
"db": "XF",
"id": "20143042",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "BID",
"id": "67944"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"id": "VAR-201406-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
}
]
},
"last_update_date": "2025-04-13T23:14:46.631000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "1675195",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675195"
},
{
"title": "IBM CICS Transaction Server has an unspecified security vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/46390"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675195"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pi16727"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pi16726"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pi16710"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/67944"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/59242"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93338"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3042"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3042"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/93338"
},
{
"trust": 0.3,
"url": "http://www.ibm.com"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675195"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "BID",
"id": "67944"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"db": "BID",
"id": "67944"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"date": "2014-06-06T00:00:00",
"db": "BID",
"id": "67944"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"date": "2014-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"date": "2014-06-10T11:19:35.453000",
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03649"
},
{
"date": "2014-06-06T00:00:00",
"db": "BID",
"id": "67944"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002817"
},
{
"date": "2014-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-169"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "z/OS Run on IBM CICS Transaction Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-169"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…