
CVE-2022-34312: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in IBM CICS TX

Severity: Medium
Tags: vulnerability, CVE-2022-34312, cve, cwe-200
Published: Mon Nov 14 2022 (11/14/2022, 17:49:55 UTC)
Source: CVE
Vendor/Project: IBM
Product: CICS TX

Description

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.

AI-Powered Analysis

Last updated: 06/25/2025, 12:18:26 UTC

Technical Analysis

CVE-2022-34312 is a medium-severity vulnerability identified in IBM CICS TX version 11.1, categorized under CWE-200 (exposure of sensitive information to an unauthorized actor). IBM CICS TX is a transaction server widely used in enterprise environments for high-volume online transaction processing. The vulnerability arises because the product stores web pages locally on the system in a way that lets other users on the same system read them. These locally stored pages may contain sensitive information that should not be accessible to unauthorized users. Exploitation requires neither authentication nor user interaction, but it does require local access (AV:L, Attack Vector: Local). The CVSS v3.1 base score is 4.0, reflecting a low to medium impact on confidentiality only, with no impact on integrity or availability. Attack complexity is low and no privileges are required; the scope is unchanged, meaning the vulnerability affects only the local system where CICS TX is installed. There are no known exploits in the wild, and no patch or mitigation links were provided at the time of publication. The root cause is improper access control on the locally stored web page files, which can lead to unauthorized disclosure of sensitive data to other users on the same host.

Potential Impact

For European organizations using IBM CICS TX 11.1, this vulnerability poses a risk of unauthorized disclosure of sensitive transactional or operational data stored within locally cached web pages. While the vulnerability requires local access, in environments where multiple users share systems or where insider threats exist, this could lead to exposure of confidential business information, customer data, or internal process details. The impact on confidentiality could affect compliance with GDPR and other data protection regulations, potentially leading to legal and reputational consequences. Since the vulnerability does not affect system integrity or availability, direct disruption of services is unlikely. However, the exposure of sensitive information could facilitate further targeted attacks or insider misuse. Organizations with multi-user mainframe or transaction processing environments, especially those with less stringent user separation controls, are at higher risk. The lack of known exploits reduces immediate threat but does not eliminate the risk, especially in environments where attackers may have local access or where privilege escalation is possible.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement strict access controls on the file system level to restrict read permissions of locally stored web pages to only authorized service accounts or administrators. Employing mandatory access control (MAC) mechanisms or using encryption for locally stored files can further reduce unauthorized access risks. Regular audits of file permissions and user access rights on systems running CICS TX 11.1 are recommended to detect and remediate overly permissive settings. Organizations should also consider isolating environments where CICS TX is deployed to minimize the number of users with local access. Monitoring and logging access to these files can help detect suspicious activity. Since no patches were provided at the time of this report, organizations should engage with IBM support for updates or workarounds. Additionally, reviewing and hardening user account management policies, including limiting the number of users with local system access, will reduce the attack surface. Finally, educating system administrators and users about the risks of local file exposure and enforcing least privilege principles are critical.
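The permission audit and remediation described above can be scripted. The following is an added example written for this page, not IBM's tooling and not from the advisory: it lists every regular file under a directory that group or other users can read, counts them, and optionally strips group/other access so only the owning service account keeps read rights. The cache directory path is an assumption (placeholder); the advisory does not name where CICS TX stores the pages, so set CACHE_DIR to the location found on your own installation.

```shell
#!/bin/sh
# Added example, not part of the advisory or of IBM CICS TX.
# Audits a directory for files readable by other local users and, when
# FIX=1, removes group/other permissions from them.

# Placeholder: the advisory does not state where CICS TX stores web pages
# locally. Point this at the real directory on your system.
CACHE_DIR="${CACHE_DIR:-/path/to/cics-tx/local-page-cache}"

# Print the path of every regular file under $1 whose mode grants read
# access to group or to other (i.e. readable by users other than the owner).
list_exposed() {
    find "$1" -type f \( -perm -g=r -o -perm -o=r \) -print
}

# Return the number of exposed files under $1 (0 means nothing to fix).
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Remove read/write/execute for group and other on every exposed file.
# Owner permissions are left untouched so the service account still works.
harden() {
    find "$1" -type f \( -perm -g=r -o -perm -o=r \) -exec chmod go-rwx {} +
}

# Stand-alone run: report findings, and tighten them only when FIX=1 is set.
if [ -d "$CACHE_DIR" ]; then
    n=$(count_exposed "$CACHE_DIR")
    echo "exposed files under $CACHE_DIR: $n"
    list_exposed "$CACHE_DIR"
    if [ "${FIX:-0}" = "1" ] && [ "$n" != "0" ]; then
        harden "$CACHE_DIR"
        echo "after hardening: $(count_exposed "$CACHE_DIR") exposed files"
    fi
fi
```

Run it first without FIX=1 to review the list, then with FIX=1 to apply; rerun periodically (or from a scheduled job) as the audit step recommended above, since an application that recreates files with a permissive umask will reintroduce the exposure.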


Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2022-06-22T15:44:19.310Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed78e

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 12:18:26 PM

Last updated: 8/15/2025, 1:03:33 PM
