Jun 11, 2021 - 1:28 a.m.

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential caching vulnerability (CVE-2020-5003)

2021-06-11 01:28:40
www.ibm.com

EPSS: 0.002 (Low), percentile 52.5%

Summary

Potential web services XML External Entity Injection (XXE) attack.

Vulnerability Details

CVEID: CVE-2020-5003
**DESCRIPTION:** IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192956 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| Financial Transaction Manager for Corporate Payment Services for MP | 3.2.4 |

Remediation/Fixes

| Product | VRMF | Issue | Remediation / First Fix |
|---|---|---|---|
| FTM CPS | 3.2.4.0 | 117178 | 3.2.4.0-FTM-CPS-MP-iFix0005 |

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
|---|---|---|
| financial transaction manager | eq | 3.2.4 |
