Details of VAR-201406-0327

ID

VAR-201406-0327

CVE

CVE-2014-3042

TITLE

z/OS Run on IBM CICS Transaction Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002817

DESCRIPTION

IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream. IBM CICS Transaction Server is a transaction processing server that runs primarily on IBM System z mainframes based on IBM z/OS. An unspecified security vulnerability exists in IBM CICS Transaction Server. Little is known about this issue or its effects at this time. We will update this BID as more information emerges

Trust: 2.43

sources: NVD: CVE-2014-3042 // JVNDB: JVNDB-2014-002817 // CNVD: CNVD-2014-03649 // BID: 67944

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03649

AFFECTED PRODUCTS

vendor:	ibm	model:	cics transaction server	scope:	eq	version:	3.1	Trust: 2.2
vendor:	ibm	model:	cics transaction server	scope:	eq	version:	3.2	Trust: 2.2
vendor:	ibm	model:	cics transaction server	scope:	eq	version:	4.1	Trust: 2.2
vendor:	ibm	model:	cics transaction server	scope:	eq	version:	5.1	Trust: 2.2
vendor:	ibm	model:	cics transaction server	scope:	eq	version:	-	Trust: 1.6
vendor:	ibm	model:	cics transaction server for z/os	scope:	eq	version:	5.1	Trust: 1.1
vendor:	ibm	model:	cics transaction server for z/os	scope:	eq	version:	4.2	Trust: 1.1
vendor:	ibm	model:	cics transaction server for z/os	scope:	eq	version:	4.1	Trust: 1.1
vendor:	ibm	model:	cics transaction server for z/os	scope:	eq	version:	3.2	Trust: 1.1
vendor:	ibm	model:	cics transaction server for z/os	scope:	eq	version:	3.1	Trust: 1.1
vendor:	ibm	model:	cics transaction server	scope:	eq	version:	4.2	Trust: 0.6

sources: CNVD: CNVD-2014-03649 // BID: 67944 // JVNDB: JVNDB-2014-002817 // CNNVD: CNNVD-201406-169 // NVD: CVE-2014-3042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3042
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3042
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03649
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201406-169
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-3042
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03649
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-03649 // JVNDB: JVNDB-2014-002817 // CNNVD: CNNVD-201406-169 // NVD: CVE-2014-3042

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2014-002817 // NVD: CVE-2014-3042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-169

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201406-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002817

PATCH

title:	1675195	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21675195	Trust: 0.8
title:	IBM CICS Transaction Server has an unspecified security vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/46390	Trust: 0.6

sources: CNVD: CNVD-2014-03649 // JVNDB: JVNDB-2014-002817

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3042	Trust: 3.3
db:	BID	id:	67944	Trust: 1.9
db:	SECUNIA	id:	59242	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002817	Trust: 0.8
db:	CNVD	id:	CNVD-2014-03649	Trust: 0.6
db:	AIXAPAR	id:	PI16726	Trust: 0.6
db:	AIXAPAR	id:	PI16727	Trust: 0.6
db:	AIXAPAR	id:	PI16710	Trust: 0.6
db:	XF	id:	93338	Trust: 0.6
db:	XF	id:	20143042	Trust: 0.6
db:	CNNVD	id:	CNNVD-201406-169	Trust: 0.6

sources: CNVD: CNVD-2014-03649 // BID: 67944 // JVNDB: JVNDB-2014-002817 // CNNVD: CNNVD-201406-169 // NVD: CVE-2014-3042

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21675195	Trust: 2.2
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pi16727	Trust: 1.6
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pi16726	Trust: 1.6
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pi16710	Trust: 1.6
url:	http://www.securityfocus.com/bid/67944	Trust: 1.0
url:	http://secunia.com/advisories/59242	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/93338	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3042	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3042	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/93338	Trust: 0.6
url:	http://www.ibm.com	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21675195	Trust: 0.3

sources: CNVD: CNVD-2014-03649 // BID: 67944 // JVNDB: JVNDB-2014-002817 // CNNVD: CNNVD-201406-169 // NVD: CVE-2014-3042

CREDITS

IBM

Trust: 0.3

sources: BID: 67944

SOURCES

db:	CNVD	id:	CNVD-2014-03649
db:	BID	id:	67944
db:	JVNDB	id:	JVNDB-2014-002817
db:	CNNVD	id:	CNNVD-201406-169
db:	NVD	id:	CVE-2014-3042

LAST UPDATE DATE

2025-04-13T23:14:46.631000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03649	date:	2014-06-13T00:00:00
db:	BID	id:	67944	date:	2014-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-002817	date:	2014-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201406-169	date:	2014-06-17T00:00:00
db:	NVD	id:	CVE-2014-3042	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03649	date:	2014-06-13T00:00:00
db:	BID	id:	67944	date:	2014-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-002817	date:	2014-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201406-169	date:	2014-06-11T00:00:00
db:	NVD	id:	CVE-2014-3042	date:	2014-06-10T11:19:35.453