Lucene search
IbmCVE-2016-5920HistoryOct 29, 2016 - 1:59 a.m.
CVE-2016-5920
2016-10-2901:59:35
CWE-79
ibm
web.nvd.nist.gov
28
cve-2016-5920
cross-site scripting
xss vulnerability
web ui
ibm financial transaction manager
ach services
nvd
security vulnerability
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
31.0%
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
ibmfinancial_transaction_managerMatch3.0.0.0cps_services
ORibmfinancial_transaction_managerMatch3.0.0.1cps_services
ORibmfinancial_transaction_managerMatch3.0.0.2cps_services
ORibmfinancial_transaction_managerMatch3.0.0.3cps_services
ORibmfinancial_transaction_managerMatch3.0.0.4cps_services
ORibmfinancial_transaction_managerMatch3.0.0.5cps_services
ORibmfinancial_transaction_managerMatch3.0.0.6cps_services
ORibmfinancial_transaction_managerMatch3.0.0.7cps_services
ORibmfinancial_transaction_managerMatch3.0.0.8cps_services
ORibmfinancial_transaction_managerMatch3.0.0.9cps_services
ORibmfinancial_transaction_managerMatch3.0.0.10cps_services
ORibmfinancial_transaction_managerMatch3.0.0.11cps_services
ORibmfinancial_transaction_managerMatch3.0.0.12cps_services
ORibmfinancial_transaction_managerMatch3.0.0.13cps_services
ORibmfinancial_transaction_managerMatch3.0.0.14cps_services
Node
ibmfinancial_transaction_managerMatch3.0.0.0check_services
ORibmfinancial_transaction_managerMatch3.0.0.1check_services
ORibmfinancial_transaction_managerMatch3.0.0.2check_services
ORibmfinancial_transaction_managerMatch3.0.0.3check_services
ORibmfinancial_transaction_managerMatch3.0.0.4check_services
ORibmfinancial_transaction_managerMatch3.0.0.5check_services
ORibmfinancial_transaction_managerMatch3.0.0.6check_services
ORibmfinancial_transaction_managerMatch3.0.0.7check_services
ORibmfinancial_transaction_managerMatch3.0.0.8check_services
ORibmfinancial_transaction_managerMatch3.0.0.9check_services
ORibmfinancial_transaction_managerMatch3.0.0.10check_services
ORibmfinancial_transaction_managerMatch3.0.0.11check_services
ORibmfinancial_transaction_managerMatch3.0.0.12check_services
ORibmfinancial_transaction_managerMatch3.0.0.13check_services
ORibmfinancial_transaction_managerMatch3.0.0.14check_services
ORibmfinancial_transaction_managerMatch3.0.1.0check_services
Node
ibmfinancial_transaction_managerMatch3.0.0.0ach_services
ORibmfinancial_transaction_managerMatch3.0.0.1ach_services
ORibmfinancial_transaction_managerMatch3.0.0.2ach_services
ORibmfinancial_transaction_managerMatch3.0.0.3ach_services
ORibmfinancial_transaction_managerMatch3.0.0.4ach_services
ORibmfinancial_transaction_managerMatch3.0.0.5ach_services
ORibmfinancial_transaction_managerMatch3.0.0.6ach_services
ORibmfinancial_transaction_managerMatch3.0.0.7ach_services
ORibmfinancial_transaction_managerMatch3.0.0.8ach_services
ORibmfinancial_transaction_managerMatch3.0.0.9ach_services
ORibmfinancial_transaction_managerMatch3.0.0.10ach_services
ORibmfinancial_transaction_managerMatch3.0.0.11ach_services
ORibmfinancial_transaction_managerMatch3.0.0.12ach_services
ORibmfinancial_transaction_managerMatch3.0.0.13ach_services
ORibmfinancial_transaction_managerMatch3.0.0.14ach_services
ORibmfinancial_transaction_managerMatch3.0.1.0ach_services
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | financial_transaction_manager | 3.0.0.0 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.1 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.2 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.3 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.4 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.5 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.6 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.7 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.8 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:* |
| ibm | financial_transaction_manager | 3.0.0.9 | cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:* |
Related
ibm
ibm
nvd
nvd
CVE-2016-5920
2016-10-29 01:59:35
cvelist
cvelist
CVE-2016-5920
2016-10-29 01:00:00
prion
prion
Cross site scripting
2016-10-29 01:59:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
31.0%
Related for CVE-2016-5920