cve-2016-3060
Vulnerability from cvelistv5
Published
2016-10-29 01:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI64064",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064"
},
{
"name": "PI64063",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060"
},
{
"name": "PI67537",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537"
},
{
"name": "92633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI64064",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064"
},
{
"name": "PI64063",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060"
},
{
"name": "PI67537",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537"
},
{
"name": "92633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI64064",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064"
},
{
"name": "PI64063",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060"
},
{
"name": "PI67537",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537"
},
{
"name": "92633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-3060",
"datePublished": "2016-10-29T01:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"26CDAAB7-BB25-46A4-8461-F1C38D06BEAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"DB4BBD67-40E3-4C72-AC18-18367B6EBB9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"D9879971-7293-48E5-949F-41F6662E4FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"732296A1-EC45-4463-A9AA-785C1DBAFB23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"07FED46E-BDF6-4276-9D0F-D2DC355FFE42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"663CF79F-5BB3-4DED-8FFA-B061C1759E6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"C995D268-E461-4DFA-ABA7-CF92F5E21B13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"F9A94033-3A68-434A-BE0B-4C39AFE36815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"A3FDF1FF-4170-4C49-9452-409BD60E27E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"DFCD696D-9AA6-4EB0-A063-0EB88911BA46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"0C219381-6EB4-4185-ACFD-5AFC1EE9C904\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"909E2A77-C98F-4A9E-A545-53FB6EEFC2D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"36CD6331-8B39-4867-A1FA-D4F0C661B328\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"12C336AD-2D70-4572-BE4B-26BA1E16ADA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:cps_services:*:*\", \"matchCriteriaId\": \"A226640E-53DD-4BF7-AC52-15FA2155871B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"BFE21BBF-0E20-4AFD-906E-540D59085272\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"218C7941-5410-4D6E-8993-B84B8F280B97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"2DC81C13-65ED-461E-8456-E263A6A9932C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"D33ADBBE-B37D-4A93-AA34-6F54D4C0D674\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"9EC6EE69-6BDA-40C1-9C06-644280880CC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"66D61600-0A87-45CC-8058-8200CF1647A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"7E558E06-8248-4268-AB97-5E22EF9468C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"4C3F3899-485A-4C41-BBFE-3B503D97E5F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"CD961902-1422-411B-A7D2-7438B7E5F116\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"61F256B7-A3F2-408B-BF91-578828790788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"3B711386-2A5A-4CA4-8A58-C06481C10EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"D0C77B57-ED51-4DE3-B343-A7D72FC15EE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"AB1B52C7-ABFC-4FA3-95CE-CECBFA9EBBC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"73CC6E49-C8C4-4C84-9E9C-98252B7E90F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"20978BBB-7F70-4C51-B05A-39DA559B0FA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:ach_services:*:*\", \"matchCriteriaId\": \"A54ECEEB-089D-440D-81B2-83B618CEBB03\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"24A1AB2E-11A8-4AC0-B564-D5CED110E4F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"E674013B-5615-48DA-9970-66943707DFC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"99848055-53C5-48DF-9356-2C446702917B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"5DD5DB60-82C0-429C-9AA7-E29BD406CE82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"27CF5D42-D567-4969-A314-39CA7008B4B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"E36B582D-B6F4-474E-88DF-AF661A42C29C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"8B4B266B-5D90-41D4-8392-E35D890BED2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"D40478F6-AAC5-4E09-AEBE-B5899D847EA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"54ADD20D-5702-46A2-9FF8-37617BEACEE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"0E0738E7-87E8-4161-8BCB-F282DC3640E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"0C49A3B1-EB10-41FF-9EF5-FCAAC7BC130E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"C2FB6109-46B3-4E8F-AA8F-4878A9C39D57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"98C99D64-6746-4FE9-9458-48A00216EA17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"B6E607C5-C403-48C2-938E-DCEB0C4FFFEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"4D3DA2C9-472A-4966-B577-E449DBBB6011\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:check_services:*:*\", \"matchCriteriaId\": \"8CCFD9FE-1FD8-4A2C-B4F9-60F701FA1BC7\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.\"}, {\"lang\": \"es\", \"value\": \"Payments Director en IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a trav\\u00e9s de un sitio web manipulado.\"}]",
"id": "CVE-2016-3060",
"lastModified": "2024-11-21T02:49:16.870",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-10-29T01:59:12.697",
"references": "[{\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21989060\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/92633\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21989060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/92633\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3060\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2016-10-29T01:59:12.697\",\"lastModified\":\"2024-11-21T02:49:16.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Payments Director en IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a trav\u00e9s de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"26CDAAB7-BB25-46A4-8461-F1C38D06BEAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"DB4BBD67-40E3-4C72-AC18-18367B6EBB9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"D9879971-7293-48E5-949F-41F6662E4FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"732296A1-EC45-4463-A9AA-785C1DBAFB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"07FED46E-BDF6-4276-9D0F-D2DC355FFE42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"663CF79F-5BB3-4DED-8FFA-B061C1759E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"C995D268-E461-4DFA-ABA7-CF92F5E21B13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"F9A94033-3A68-434A-BE0B-4C39AFE36815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"A3FDF1FF-4170-4C49-9452-409BD60E27E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"DFCD696D-9AA6-4EB0-A063-0EB88911BA46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"0C219381-6EB4-4185-ACFD-5AFC1EE9C904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"909E2A77-C98F-4A9E-A545-53FB6EEFC2D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"36CD6331-8B39-4867-A1FA-D4F0C661B328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"12C336AD-2D70-4572-BE4B-26BA1E16ADA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:cps_services:*:*\",\"matchCriteriaId\":\"A226640E-53DD-4BF7-AC52-15FA2155871B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"BFE21BBF-0E20-4AFD-906E-540D59085272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"218C7941-5410-4D6E-8993-B84B8F280B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"2DC81C13-65ED-461E-8456-E263A6A9932C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"D33ADBBE-B37D-4A93-AA34-6F54D4C0D674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"9EC6EE69-6BDA-40C1-9C06-644280880CC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"66D61600-0A87-45CC-8058-8200CF1647A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"7E558E06-8248-4268-AB97-5E22EF9468C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"4C3F3899-485A-4C41-BBFE-3B503D97E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"CD961902-1422-411B-A7D2-7438B7E5F116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"61F256B7-A3F2-408B-BF91-578828790788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"3B711386-2A5A-4CA4-8A58-C06481C10EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"D0C77B57-ED51-4DE3-B343-A7D72FC15EE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"AB1B52C7-ABFC-4FA3-95CE-CECBFA9EBBC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"73CC6E49-C8C4-4C84-9E9C-98252B7E90F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"20978BBB-7F70-4C51-B05A-39DA559B0FA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:ach_services:*:*\",\"matchCriteriaId\":\"A54ECEEB-089D-440D-81B2-83B618CEBB03\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"24A1AB2E-11A8-4AC0-B564-D5CED110E4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"E674013B-5615-48DA-9970-66943707DFC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"99848055-53C5-48DF-9356-2C446702917B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"5DD5DB60-82C0-429C-9AA7-E29BD406CE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"27CF5D42-D567-4969-A314-39CA7008B4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"E36B582D-B6F4-474E-88DF-AF661A42C29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"8B4B266B-5D90-41D4-8392-E35D890BED2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"D40478F6-AAC5-4E09-AEBE-B5899D847EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"54ADD20D-5702-46A2-9FF8-37617BEACEE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"0E0738E7-87E8-4161-8BCB-F282DC3640E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"0C49A3B1-EB10-41FF-9EF5-FCAAC7BC130E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"C2FB6109-46B3-4E8F-AA8F-4878A9C39D57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"98C99D64-6746-4FE9-9458-48A00216EA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"B6E607C5-C403-48C2-938E-DCEB0C4FFFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"4D3DA2C9-472A-4966-B577-E449DBBB6011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:check_services:*:*\",\"matchCriteriaId\":\"8CCFD9FE-1FD8-4A2C-B4F9-60F701FA1BC7\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21989060\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92633\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21989060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.