Main Vulnerability Database Vulnerabilities #VU40063

Improper access control in Financial Transaction Manager - CVE-2016-3060

Published: October 29, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40063

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-3060

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
Financial Transaction Manager

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

How to mitigate CVE-2016-3060

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/92633
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064
http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
http://www-01.ibm.com/support/docview.wss?uid=swg21989060

Improper access control in Financial Transaction Manager - CVE-2016-3060

Detailed vulnerability description

How to mitigate CVE-2016-3060

Sources

Please verify you're human