| Vulnerability Name: | CVE-2014-0831 (CCN-90585) | ||||||||
| Assigned: | 2014-01-31 | ||||||||
| Published: | 2014-01-31 | ||||||||
| Updated: | 2018-01-03 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0831 Source: OSVDB Type: UNKNOWN 102766 Source: CCN Type: IBM Security Bulletin 1662714 IBM Financial Transaction Manager 2.0 and 2.1 OAC vulnerabilities (CVE-2014-0830, CVE-2014-0831, CVE-2014-0832 , CVE-2014-0833) Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21662714 Source: CCN Type: BID-65346 IBM Financial Transaction Manager Cross Site Request Forgery Vulnerability Source: XF Type: UNKNOWN ibm-ftm-cve20140831-csrf(90585) Source: XF Type: UNKNOWN ibm-ftm-cve20140831-csrf(90585) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||