Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager
CVE-2020-4560

4.7MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
3 August 2020

Summary

IBM Financial Transaction Manager version 3.2.4 is susceptible to a Cross-Site Scripting (XSS) vulnerability, which enables attackers to inject arbitrary JavaScript code into the Web UI. This security flaw could be exploited to manipulate the application's intended functionality, potentially leading to the disclosure of sensitive user credentials within a trusted session.

Affected Version(s)

Financial Transaction Manager 3.2.4

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.