CVE-2026-0977

IBM CICS Transaction Gateway for Multiplatforms Information Disclosure

Assigner: ibm
Reserved: 15.01.2026 Published: 13.03.2026 Updated: 13.03.2026

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 5.1

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	CICS Transaction Gateway for Multiplatforms
Versions	Default: unaffected Version 9.3 is affected Version 10.1 is affected

Vendor

IBM

Product

CICS Transaction Gateway for Multiplatforms

Versions

Default: unaffected

Version 9.3 is affected
Version 10.1 is affected

Solutions

IBM strongly recommends addressing the vulnerabilities now by configuring proper egress/ingress policies at either the POD or HOST level. More details as to how to do this are described in the following CICS Transaction Gateway for Multiplatforms documentation.

ProductVRMFRemediation/First FixCICS Transaction Gateway for Multiplatforms9.3Refer to this documentation https://www.ibm.com/docs/en/cics-tg-multi/9.3.0 CICS Transaction Gateway for Multiplatforms10.1Refer to this documentation https://www.ibm.com/docs/en/cics-tg-multi/10.1.0

References

Problem Types