What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2020-5003.

What is IBM Financial Transaction Manager?

IBM Financial Transaction Manager is a software product used for managing financial transactions in an organization.

What is XML External Entity Injection (XXE) attack?

XML External Entity Injection (XXE) is a type of attack that exploits vulnerabilities in the processing of XML data, allowing an attacker to expose sensitive information or consume memory resources.

What is the severity of CVE-2020-5003?

The severity of CVE-2020-5003 is critical with a score of 9.1 out of 10.

How can I fix the vulnerability CVE-2020-5003?

To fix the vulnerability CVE-2020-5003, update IBM Financial Transaction Manager to version 3.2.11 or apply the necessary patches provided by IBM.

Vulnerability/
CVE-2020-5003

critical

9.1

CWE

611

11/6/2021

16/9/2024

CVE-2020-5003: XEE

First published: Fri Jun 11 2021(Updated: )

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Financial Transaction Manager for Corporate Payment Services for Multi-Platform	<=3.2.0-3.2.10
IBM Financial Transaction Manager for Digital Payments for Multi-Platform	<=3.2.0-3.2.10
IBM Financial Transaction Manager for High Value Payments for Multi-Platform	<=3.2.0-3.2.10
Ibm Financial Transaction Manager	=3.2.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6958504

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-5003.
What is IBM Financial Transaction Manager?
IBM Financial Transaction Manager is a software product used for managing financial transactions in an organization.
What is XML External Entity Injection (XXE) attack?
XML External Entity Injection (XXE) is a type of attack that exploits vulnerabilities in the processing of XML data, allowing an attacker to expose sensitive information or consume memory resources.
What is the severity of CVE-2020-5003?
The severity of CVE-2020-5003 is critical with a score of 9.1 out of 10.
How can I fix the vulnerability CVE-2020-5003?
To fix the vulnerability CVE-2020-5003, update IBM Financial Transaction Manager to version 3.2.11 or apply the necessary patches provided by IBM.

agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/references
agent/tags
agent/description
agent/event
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm financial transaction manager for corporate payment services for multi-platform
version/ibm financial transaction manager for corporate payment services for multi-platform/3.2.0-3.2.10
canonical/ibm financial transaction manager for digital payments for multi-platform
version/ibm financial transaction manager for digital payments for multi-platform/3.2.0-3.2.10
canonical/ibm financial transaction manager for high value payments for multi-platform
version/ibm financial transaction manager for high value payments for multi-platform/3.2.0-3.2.10
canonical/ibm financial transaction manager
version/ibm financial transaction manager/3.2.4