← Back

CVE-2016-0272

nvd nist
Published: Mar 9, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.0
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. IBM X-Force ID: 111052.

Affected (6)

Ibm
1 product
Financial Transaction Manager
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Financial Transaction Manager
From 3.0.0.0 to 3.0.0.12
Financial Transaction Manager
From 3.0.0.0 to 3.0.0.12
Financial Transaction Manager
From 3.0.0.0 to 3.0.0.12
Financial Transaction Manager
Version 2.1.1.2
Financial Transaction Manager
Version 2.1.1.2
Financial Transaction Manager
Version 2.1.1.2

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.