What is the severity of CVE-2017-1160?

CVE-2017-1160 is classified as a high severity vulnerability due to its potential for credential disclosure.

How do I fix CVE-2017-1160?

To fix CVE-2017-1160, users should apply the latest updates provided by IBM for the Financial Transaction Manager.

What type of vulnerability is CVE-2017-1160?

CVE-2017-1160 is a cross-site scripting (XSS) vulnerability impacting IBM Financial Transaction Manager.

Which versions of IBM Financial Transaction Manager are affected by CVE-2017-1160?

CVE-2017-1160 affects versions 3.0.0.0 through 3.0.0.15 of IBM Financial Transaction Manager.

What could an attacker achieve by exploiting CVE-2017-1160?

An attacker exploiting CVE-2017-1160 could embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure.

Vulnerability/
CVE-2017-1160

medium

5.4

CWE

17/4/2017

5/8/2024

CVE-2017-1160: XSS

First published: Mon Apr 17 2017(Updated: )

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Financial Transaction Manager	=3.0.0.0
IBM Financial Transaction Manager	=3.0.0.1
IBM Financial Transaction Manager	=3.0.0.2
IBM Financial Transaction Manager	=3.0.0.3
IBM Financial Transaction Manager	=3.0.0.4
IBM Financial Transaction Manager	=3.0.0.5
IBM Financial Transaction Manager	=3.0.0.6
IBM Financial Transaction Manager	=3.0.0.7
IBM Financial Transaction Manager	=3.0.0.8
IBM Financial Transaction Manager	=3.0.0.9
IBM Financial Transaction Manager	=3.0.0.10
IBM Financial Transaction Manager	=3.0.0.11
IBM Financial Transaction Manager	=3.0.0.12
IBM Financial Transaction Manager	=3.0.0.13
IBM Financial Transaction Manager	=3.0.0.14
IBM Financial Transaction Manager	=3.0.0.15
IBM Financial Transaction Manager	=3.0.0.0
IBM Financial Transaction Manager	=3.0.0.1
IBM Financial Transaction Manager	=3.0.0.2
IBM Financial Transaction Manager	=3.0.0.3
IBM Financial Transaction Manager	=3.0.0.4
IBM Financial Transaction Manager	=3.0.0.5
IBM Financial Transaction Manager	=3.0.0.6
IBM Financial Transaction Manager	=3.0.0.7
IBM Financial Transaction Manager	=3.0.0.8
IBM Financial Transaction Manager	=3.0.0.9
IBM Financial Transaction Manager	=3.0.0.10
IBM Financial Transaction Manager	=3.0.0.11
IBM Financial Transaction Manager	=3.0.0.12
IBM Financial Transaction Manager	=3.0.0.13
IBM Financial Transaction Manager	=3.0.0.14
IBM Financial Transaction Manager	=3.0.0.15
IBM Financial Transaction Manager	=3.0.0.0
IBM Financial Transaction Manager	=3.0.0.1
IBM Financial Transaction Manager	=3.0.0.2
IBM Financial Transaction Manager	=3.0.0.3
IBM Financial Transaction Manager	=3.0.0.4
IBM Financial Transaction Manager	=3.0.0.5
IBM Financial Transaction Manager	=3.0.0.6
IBM Financial Transaction Manager	=3.0.0.7
IBM Financial Transaction Manager	=3.0.0.8
IBM Financial Transaction Manager	=3.0.0.9
IBM Financial Transaction Manager	=3.0.0.10
IBM Financial Transaction Manager	=3.0.0.11
IBM Financial Transaction Manager	=3.0.0.12
IBM Financial Transaction Manager	=3.0.0.13
IBM Financial Transaction Manager	=3.0.0.14
IBM Financial Transaction Manager	=3.0.0.15

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22001574

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1160?
CVE-2017-1160 is classified as a high severity vulnerability due to its potential for credential disclosure.
How do I fix CVE-2017-1160?
To fix CVE-2017-1160, users should apply the latest updates provided by IBM for the Financial Transaction Manager.
What type of vulnerability is CVE-2017-1160?
CVE-2017-1160 is a cross-site scripting (XSS) vulnerability impacting IBM Financial Transaction Manager.
Which versions of IBM Financial Transaction Manager are affected by CVE-2017-1160?
CVE-2017-1160 affects versions 3.0.0.0 through 3.0.0.15 of IBM Financial Transaction Manager.
What could an attacker achieve by exploiting CVE-2017-1160?
An attacker exploiting CVE-2017-1160 could embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/remedy
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm financial transaction manager
version/ibm financial transaction manager/3.0.0.0
version/ibm financial transaction manager/3.0.0.1
version/ibm financial transaction manager/3.0.0.2
version/ibm financial transaction manager/3.0.0.3
version/ibm financial transaction manager/3.0.0.4
version/ibm financial transaction manager/3.0.0.5
version/ibm financial transaction manager/3.0.0.6
version/ibm financial transaction manager/3.0.0.7
version/ibm financial transaction manager/3.0.0.8
version/ibm financial transaction manager/3.0.0.9
version/ibm financial transaction manager/3.0.0.10
version/ibm financial transaction manager/3.0.0.11
version/ibm financial transaction manager/3.0.0.12
version/ibm financial transaction manager/3.0.0.13
version/ibm financial transaction manager/3.0.0.14
version/ibm financial transaction manager/3.0.0.15