Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3792F9C9C54588E3284C94516873D2F4D172DCDDF0F511A78FFBA86174E69DE4
HistoryJul 31, 2020 - 2:35 p.m.

Security Bulletin: Financial Transaction Manager for High Value Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)

2020-07-3114:35:50
www.ibm.com
8

EPSS

0.001

Percentile

29.7%

JSON

Summary

This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

CVEID:CVE-2020-4560
**DESCRIPTION:**IBM Financial Transaction Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.4

Remediation/Fixes

Product VRMF Issue Remediation / First Fix
FTM HVP 3.2.4.0 111092 3.2.4.0-FTM-HVP-MP-iFix0001

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html&gt;) to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

31 July 2020: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Product”:{“code”:“SSPKQ5”,“label”:“IBM Financial Transaction Manager”},“Component”:“”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“3.2.4”,“Edition”:“”,“Line of Business”:{“code”:“LOB10”,“label”:“Data and AI”}}]

Related

prion 1
ibm 2
nvd 1
cve 1
cvelist 1
prion
prion
Cross site scripting
2020-08-03 13:15:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)
2022-06-14 17:01:09
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)
2021-04-15 00:30:16
nvd
nvd
CVE-2020-4560
2020-08-03 13:15:12
cve
cve
CVE-2020-4560
2020-08-03 13:15:12
cvelist
cvelist
CVE-2020-4560
2020-08-03 12:35:41

EPSS

0.001

Percentile

29.7%

JSON
Related for 3792F9C9C54588E3284C94516873D2F4D172DCDDF0F511A78FFBA86174E69DE4
prion1ibm2nvd1cve1cvelist1