Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager
CVE-2021-39044

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager
Vendor: CVE Published:; 2 February 2022

Summary

IBM Financial Transaction Manager version 3.2.4 is susceptible to a cross-site request forgery vulnerability. This weakness could enable an attacker to perform unauthorized actions on behalf of a trusted user. By exploiting this flaw, attackers may send malicious requests that appear legitimate, compromising the integrity of user interactions with the application. This vulnerability emphasizes the need for robust CSRF protection mechanisms within web applications.

References

https://www.ibm.com/support/pages/node/6527892

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214210

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2022
Vulnerability Reserved
Aug 16, 2021