Apr 15, 2021 - 12:30 a.m.

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)

2021-04-15 00:30:16
www.ibm.com

EPSS: 0.001 (Percentile: 29.7%)

Summary

This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

**CVEID:** CVE-2020-4560
**DESCRIPTION:** IBM Financial Transaction Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Financial Transaction Manager for Corporate Payment Services for MP | 3.0.2 |
| Financial Transaction Manager for Corporate Payment Services for MP | 3.2.1 |
| Financial Transaction Manager for Corporate Payment Services for MP | 3.2.4 |

Remediation/Fixes

| Product | VRMF | Issue | Remediation / First Fix |
| --- | --- | --- | --- |
| FTM CPS | 3.2.4.0 | 111092 | 3.2.4.0-FTM-CPS-MP-iFix0001 |
| FTM CPS | 3.2.1.0 | 111092 | 3.2.1.0-FTM-CPS-MP-iFix0004 |
| FTM CPS | 3.0.2.0 - 3.0.2.1 | 111092 | 3.0.2.1-FTM-CPS-MP-iFix0022 |

Workarounds and Mitigations

None
