4.3
CVE-2016-0268
- EPSS 0.19%
- Published 09.03.2018 19:29:00
- Last modified 21.11.2024 02:41:23
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Financial Transaction Manager SwPlatformach_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager SwPlatformcheck_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager SwPlatformcps_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformach_services
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformcheck_services
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformcps_services
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.375 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.