CVE-2016-3060

MEDIUM

IBM Financial Transaction Manager 3.0.0.x-3.0.1.0 - Authenticated Clickjacking

Title source: llm

Description

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

References (5)

Core References
Not Applicable vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064
Not Applicable vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21989060
Not Applicable vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92633

Scores

CVSS v3 5.7
EPSS 0.0080
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (16)
ibm/financial_transaction_manager 3.0.0.0 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.1 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.2 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.3 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.4 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.5 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.6 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.7 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.8 (3 CPE variants)
ibm/financial_transaction_manager 3.0.0.9 (3 CPE variants)
... and 6 more
Published Oct 29, 2016
Tracked Since Feb 18, 2026