CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 26.8%

IBM Safer Payments can be crashed by sending specially crafted API calls. This vulnerability has been addressed.
CVEID: CVE-2020-4729
**DESCRIPTION:** IBM Counter Fraud Management for Safer Payments could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188052 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s): IBM Safer Payments
Version(s): 5.7.0.00 - 5.7.0.10, 6.0.0.00 - 6.0.0.07, 6.1.0.00 - 6.1.0.05, and 6.2.0.00 - 6.2.1.00
Update IBM Safer Payments to version 5.7.0.11, 6.0.0.08, 6.1.0.06, 6.2.1.01 or higher.
Refer to the IBM Safer Payments documentation to download the updates.
Revoke the privilege to execute that maintenance function from all user accounts.
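
To triage an inventory against the affected ranges and fixed releases listed above, the following added example (not IBM's code) compares four-part version strings numerically, so that `5.7.0.9` and `5.7.0.09` are treated alike. It assumes versions are always four dot-separated numeric components, and it reports a release in a branch this advisory does not name as "not listed" rather than guessing.

```python
# Added example: ranges and fixed releases are copied from this advisory.
# (first affected, last affected, first fixed) per release branch
AFFECTED = [
    ("5.7.0.00", "5.7.0.10", "5.7.0.11"),
    ("6.0.0.00", "6.0.0.07", "6.0.0.08"),
    ("6.1.0.00", "6.1.0.05", "6.1.0.06"),
    ("6.2.0.00", "6.2.1.00", "6.2.1.01"),
]


def parse(version):
    """Turn '6.0.0.07' into (6, 0, 0, 7) so padded parts compare as numbers."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric components, got {version!r}")
    return tuple(int(p) for p in parts)


def check(version):
    """Return (status, fixed_release) for one installed version.

    status is 'affected', 'fixed', or 'not listed' (branch not in the advisory).
    fixed_release is the upgrade target when status is 'affected', else None.
    """
    v = parse(version)
    for first, last, fixed in AFFECTED:
        if v[:2] != parse(first)[:2]:
            continue  # different major.minor branch
        if parse(first) <= v <= parse(last):
            return ("affected", fixed)
        if v >= parse(fixed):
            return ("fixed", None)
    return ("not listed", None)


if __name__ == "__main__":
    # Constructed inventory: hypothetical host names and versions.
    inventory = {"sp-node-a": "6.0.0.07", "sp-node-b": "6.2.1.01",
                 "sp-node-c": "5.7.0.9", "sp-node-d": "5.6.0.03"}
    for host, ver in inventory.items():
        status, target = check(ver)
        note = f" -> upgrade to {target} or higher" if target else ""
        print(f"{host}: {ver} {status}{note}")
```
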
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | safer_payments | 5.7 | cpe:2.3:a:ibm:safer_payments:5.7:*:*:*:*:*:*:* |
ibm | safer_payments | 6.0 | cpe:2.3:a:ibm:safer_payments:6.0:*:*:*:*:*:*:* |
ibm | safer_payments | 6.1 | cpe:2.3:a:ibm:safer_payments:6.1:*:*:*:*:*:*:* |
ibm | safer_payments | 6.2 | cpe:2.3:a:ibm:safer_payments:6.2:*:*:*:*:*:*:* |