4.3
CVE-2016-0268
- EPSS 0.19%
- Veröffentlicht 09.03.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 02:41:23
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Financial Transaction Manager SwPlatformach_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager SwPlatformcheck_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager SwPlatformcps_services Version >= 3.0.0.0 <= 3.0.0.12
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformach_services
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformcheck_services
Ibm ≫ Financial Transaction Manager Version2.1.1.2 SwPlatformcps_services
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.375 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.