Potential web serivces XML Enternal Entity Injection (XXE) attack.
CVEID:CVE-2020-5003
**DESCRIPTION:**IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192956 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
Financial Transaction Manager for Corporate Payment Services for MP | 3.2.4 |
Product | ** VRMF** | Issue | Remediation / First Fix |
---|---|---|---|
FTM CPS | |||
3.2.4.0 | |||
117178 | 3.2.4.0-FTM-CPS-MP-iFix0005 |
None
CPE | Name | Operator | Version |
---|---|---|---|
financial transaction manager | eq | 3.2.4 |