SQL Injection Vulnerability in IBM Financial Transaction Manager
CVE-2020-4328

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager
Vendor: CVE Published:; 3 August 2020

Summary

IBM Financial Transaction Manager version 3.2.4 contains a vulnerability that allows remote attackers to perform SQL injection. This enables them to send specially crafted SQL statements, which could lead to unauthorized access to the back-end database. By exploiting this vulnerability, an attacker may gain the ability to view, add, modify, or delete sensitive information stored in the database, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Financial Transaction Manager 3.2.4

References

https://www.ibm.com/support/pages/node/6255154

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/177839

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2020
Vulnerability Reserved
Dec 30, 2019