Vulnerability Details : CVE-2016-3060
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2016-3060
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.9:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.8:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.11:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.10:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:cps_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:ach_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.12:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.13:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:check_services:*:*
- cpe:2.3:a:ibm:financial_transaction_manager:3.0.0.14:*:*:*:*:check_services:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3060
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 40 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3060
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
5.7 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N | 2.1 | 3.6 | NIST | |
CWE ids for CVE-2016-3060
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3060
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064
  IBM notice: The page you requested cannot be displayed [Not Applicable]
- http://www.securityfocus.com/bid/92633
  IBM Financial Transaction Manager CVE-2016-3060 Clickjacking Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
  IBM notice: The page you requested cannot be displayed [Not Applicable]
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063
  IBM notice: The page you requested cannot be displayed [Not Applicable]
- http://www-01.ibm.com/support/docview.wss?uid=swg21989060
  IBM Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016 [Patch; Vendor Advisory]