CVE-2014-0831

Published: Feb 1, 2014Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.

Affected (3)

Products: Ibm: Financial Transaction Manager

Ibm

1 product

Financial Transaction Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Financial Transaction Manager	Version 2.0.0.0
Ibm Financial Transaction Manager	Version 2.0.0.1
Ibm Financial Transaction Manager	Version 2.0.0.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://osvdb.org/102766

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21662714

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90585

Source: psirt@us.ibm.com

http://osvdb.org/102766

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21662714

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90585

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.