CVE-2020-5026Information Exposure via Error Message in IBM Financial Transaction Manager

CWE-209Information Exposure via Error Message3 documents3 sources
Severity
7.5HIGHNVD
CNA4.3
EPSS
0.3%
top 47.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Financial Transaction Manager
Timeline
PublishedMar 1
Latest updateMar 2

Description

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/financial_transaction_manager3.2.03.2.7
NVDibm/financial_transaction_manager3.2.0.03.2.7

🔴Vulnerability Details

2
GHSA
GHSA-75w9-v43p-rhcq: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 32023-03-02
CVEList
CVE-2020-5026: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 32023-03-01
CVE-2020-5026 — Information Exposure via Error Message | cvebase