CVE-2014-0833

2014-02-0115:55:04

CWE-264

[email protected]

web.nvd.nist.gov

ibm financial transaction manager

oac

cve-2014-0833

security vulnerability

access restrictions

6.2 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

42.3%

JSON

The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.

Affected configurations

NVD

Node

ibmfinancial_transaction_managerMatch2.0.0.0

ibmfinancial_transaction_managerMatch2.0.0.1

ibmfinancial_transaction_managerMatch2.0.0.2

CPENameOperatorVersion
ibm:financial_transaction_manageribm financial transaction managereq2.0.0.0
ibm:financial_transaction_manageribm financial transaction managereq2.0.0.1
ibm:financial_transaction_manageribm financial transaction managereq2.0.0.2

CPE	Name	Operator	Version
ibm:financial_transaction_manager	ibm financial transaction manager	eq	2.0.0.0
ibm:financial_transaction_manager	ibm financial transaction manager	eq	2.0.0.1
ibm:financial_transaction_manager	ibm financial transaction manager	eq	2.0.0.2