Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2017-1160
HistoryApr 17, 2017 - 9:59 p.m.

CVE-2017-1160

2017-04-1721:59:00
CWE-79
ibm
web.nvd.nist.gov
28
ibm
financial transaction manager
ach services
xss
cross-site scripting
ibm x-force
credentials disclosure

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.9%

JSON

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.

Affected configurations

Nvd
Vulners
Node
ibmfinancial_transaction_managerMatch3.0.0.0cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.1cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.2cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.3cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.4cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.5cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.6cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.7cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.8cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.9cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.10cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.11cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.12cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.13cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.14cps_services
OR
ibmfinancial_transaction_managerMatch3.0.0.15cps_services
Node
ibmfinancial_transaction_managerMatch3.0.0.0check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.1check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.2check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.3check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.4check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.5check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.6check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.7check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.8check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.9check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.10check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.11check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.12check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.13check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.14check_services
OR
ibmfinancial_transaction_managerMatch3.0.0.15check_services
Node
ibmfinancial_transaction_managerMatch3.0.0.0ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.1ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.2ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.3ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.4ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.5ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.6ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.7ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.8ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.9ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.10ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.11ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.12ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.13ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.14ach_services
OR
ibmfinancial_transaction_managerMatch3.0.0.15ach_services
VendorProductVersionCPE
ibmfinancial_transaction_manager3.0.0.0cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.1cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.2cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.3cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.4cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.5cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.6cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.7cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.8cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:*
ibmfinancial_transaction_manager3.0.0.9cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:*
Rows per page:
1-10 of 481

CNA Affected

[
  {
    "product": "Financial Transaction Manager",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0.0"
      },
      {
        "status": "affected",
        "version": "3.0.0.1"
      },
      {
        "status": "affected",
        "version": "3.0.0.2"
      },
      {
        "status": "affected",
        "version": "3.0.0.3"
      },
      {
        "status": "affected",
        "version": "3.0.0.4"
      },
      {
        "status": "affected",
        "version": "3.0.0.5"
      },
      {
        "status": "affected",
        "version": "3.0.0.6"
      },
      {
        "status": "affected",
        "version": "3.0.0.7"
      },
      {
        "status": "affected",
        "version": "3.0.0.8"
      },
      {
        "status": "affected",
        "version": "3.0.0.9"
      },
      {
        "status": "affected",
        "version": "3.0.0.10"
      },
      {
        "status": "affected",
        "version": "3.0.0.11"
      },
      {
        "status": "affected",
        "version": "3.0.0.12"
      },
      {
        "status": "affected",
        "version": "3.0.0.13"
      },
      {
        "status": "affected",
        "version": "3.0.0.14"
      },
      {
        "status": "affected",
        "version": "3.0.0.15"
      }
    ]
  }
]

Related

nvd 1
ibm 2
prion 1
cvelist 1
nvd
nvd
CVE-2017-1160
2017-04-17 21:59:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160)
2018-06-16 20:09:17
Security Bulletin: Financial Transaction Manager for Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160)
2018-06-16 20:09:17
prion
prion
Cross site scripting
2017-04-17 21:59:00
cvelist
cvelist
CVE-2017-1160
2017-04-17 21:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.9%

JSON
Related for CVE-2017-1160
nvd1ibm2prion1cvelist1