nvd-json-data-feeds/CVE-2014/CVE-2014-08xx/CVE-2014-0831.json

{
  "id": "CVE-2014-0831",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2014-02-01T15:55:04.607",
  "lastModified": "2018-01-03T02:29:03.820",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en el componente OAC de IBM Financial Transaction Manager (FTM) 2.0 anterior a 2.0.0.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que modifican datos de configuraci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:financial_transaction_manager:2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1B7481-D995-46AA-9761-481625A8E6CB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:financial_transaction_manager:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DE18A8-618E-458A-B540-1691D822997E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:financial_transaction_manager:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1273B643-91DC-48D7-A42B-449E7A2EA986"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/102766",
      "source": "psirt@us.ibm.com"
    },
    {
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662714",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90585",
      "source": "psirt@us.ibm.com"
    }
  ]
}