IBMB2E57CBF508242490B7B1A472A656AB3A05A97B34F3F113AC3EBDCE4B258AA01Security Bulletin: Vulnerability in IBM Financial Transaction Manager for Corporate Payment Services (CVE-2016-5920)
EPSS
Percentile
31.0%
Summary
Vulnerability in IBM Financial Transaction Manager for Corporate Payment Services (CVE-2016-5920)
Vulnerability Details
CVEID: CVE-2016-5920**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115704 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3
Remediation/Fixes
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for Corporate Payment Services| 2.1.1.0 through
2.1.1.4| PI67542| Apply 2.1.1-FTM-CPS-MP-fp0004 or later
Related
EPSS
Percentile
31.0%