CVE-2026-0977
Improper Access Control in IBM CICS Gateway Allows File Exposure
Publication date: 2026-03-16
Last updated on: 2026-04-02
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cics_transaction_gateway | 9.3 |
| ibm | cics_transaction_gateway | 10.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-0977 vulnerability affects IBM CICS Transaction Gateway for Multiplatforms versions 9.3 and 10.1. It is caused by improper access controls, which could allow a user to transfer or view files without proper authorization.
This means that someone with local access to the system might be able to access or move files they should not have permission to, due to insufficient restrictions on file access.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to view or transfer files, potentially leading to a loss of confidentiality and integrity of your data.
Since the vulnerability requires local access and has low attack complexity, an attacker with local access could exploit it without needing special privileges or user interaction.
The impact does not affect system availability but could compromise sensitive information and data integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided for identifying this vulnerability on your network or system.
The vulnerability affects IBM CICS Transaction Gateway for Multiplatforms versions 9.3 and 10.1 due to improper access controls allowing unauthorized file transfer or viewing.
Detection would likely involve verifying the version of the CICS Transaction Gateway in use and checking for proper access control configurations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, IBM recommends configuring appropriate egress and ingress network policies at the POD or HOST level.
Detailed remediation instructions are available in the official CICS Transaction Gateway for Multiplatforms documentation for versions 9.3 and 10.1.
No specific workarounds or alternative mitigations beyond these configuration changes are noted.