CVE-2016-5920

Опубликовано: 29 окт. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21989060
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92634
http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21989060
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92634

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:cps_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:cps_services:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:check_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:check_services:*:*

Конфигурация 3

Одно из

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:*

cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:ach_services:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q322-qvg2-4p4w

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 42%

0.00199

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79