High Severity

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential code injection vulnerability (CVE-2020-5268)

Share this post:

The third party Dojo library could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Financial Transaction Manager for Corporate Payment Services for MP 3.2.4
Financial Transaction Manager for Corporate Payment Services for MP 3.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6443575

More stories

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2020-28500)

Jun 18, 2021 8:00 pm EDT | High Severity

IBM Cloud Pak for Integration is vulnerable to lodash vulnerability CVE-2020-28500 with details below. ...read more


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2021-23337)

Jun 18, 2021 8:00 pm EDT | High Severity

IBM Cloud Pak for Integration is vulnerable to lodash vulnerability CVE-2021-23337 with details below. ...read more


Security Bulletin: A vulnerability have been identified in Apache Commons IO shipped with IBM Tivoli Netcool/OMNIbus Probe for Microsoft Exchange Web Services (CVE-2021-29425)

Jun 17, 2021 8:00 pm EDT | High Severity

Apache Commons IO is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Probe for Microsoft Exchange Web Services. Information about the security vulnerability affecting Apache Commons IO has been published. (CVE-2021-29425) ...read more