7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Beanutils module could allow unauthorized access to the classloader.
CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/166353> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
v3.0.2.0 - 3.0.2.1, v3.2.1.0
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
FTM CPS | 3.0.2.0 - 3.0.2.1 | PH16877 | 3.0.2.1-FTM-CPS-MP-iFix0020
FTM CPS | 3.2.1.0 | PH16877 | 3.2.1.0-FTM-CPS-MP-iFix0002
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm financial transaction manager | eq | 3.0.2 | |
ibm financial transaction manager | eq | 3.2.1 |
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P