CVE-2016-3060 — Improper Access Control in IBM Financial Transaction Manager

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 63.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Financial Transaction Manager

Timeline

PublishedOct 29

Latest updateMay 17

Description

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/financial_transaction_manager16 versions+15

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wcm9-qmw5-8964: Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3↗2022-05-17

▶

CVEList

CVE-2016-3060: Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3↗2016-10-29

▶