CVE-2020-5001: IBM Financial Transaction Manager path traversal
First published: Mon Feb 27 2023(Updated: )
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Financial Transaction Manager | >=3.2.0<=3.2.7 | |
| IBM Financial Transaction Manager for Corporate Payment Services for Multi-Platform | <=3.2.0-3.2.10 | |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform | <=3.2.0-3.2.10 | |
| IBM Financial Transaction Manager for High Value Payments for Multi-Platform | <=3.2.0-3.2.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Financial Transaction Manager vulnerability?
The vulnerability ID for this IBM Financial Transaction Manager vulnerability is CVE-2020-5001.
What is the severity rating of CVE-2020-5001?
The severity rating of CVE-2020-5001 is high (7.5).
How does CVE-2020-5001 affect IBM Financial Transaction Manager?
CVE-2020-5001 allows a remote attacker to traverse directories on the system, potentially enabling them to view arbitrary files.
Which versions of IBM Financial Transaction Manager are affected by CVE-2020-5001?
IBM Financial Transaction Manager versions 3.2.0 through 3.2.7 are affected by CVE-2020-5001.
How can I fix CVE-2020-5001 in IBM Financial Transaction Manager?
To fix CVE-2020-5001 in IBM Financial Transaction Manager, apply the appropriate patch or update provided by IBM.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/title
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/event
- vendor/ibm
- canonical/ibm financial transaction manager
- version/ibm financial transaction manager/3.2.0
- version/ibm financial transaction manager/3.2.7
- canonical/ibm financial transaction manager for corporate payment services for multi-platform
- version/ibm financial transaction manager for corporate payment services for multi-platform/3.2.0-3.2.10
- canonical/ibm financial transaction manager for digital payments for multi-platform
- version/ibm financial transaction manager for digital payments for multi-platform/3.2.0-3.2.10
- canonical/ibm financial transaction manager for high value payments for multi-platform
- version/ibm financial transaction manager for high value payments for multi-platform/3.2.0-3.2.10