IBM14BF284A40B765A4B7E7526AA1030F81F3826B1EB2B59E83454F5D7A5B6941E7Security Bulletin: Financial Transaction Manager for ACH Services has a potential Denial of Service (DOS) vulnerability (CVE-2018-1391)
0.001 Low
EPSS
Percentile
42.3%
Summary
Financial Transaction Manager (FTM) for ACH Services has addressed a potential Denial of Service (DOS) vulnerability for some web services in the web services component.
Vulnerability Details
CVEID: CVE-2018-1391**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138376> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
- FTM for ACH Services v3.0.4, v3.1.0
Remediation/Fixes
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for ACH Services| 3.0.4.0
3.1.0| PI93287| 3.0.4 apply 3.0.4.1-FTM-ACH-MP-iFix0001 or later.
3.1.0 apply 3.1.0-FTM-ACH-MP-fp0001 or later.
|
|
|
|
|
|
|
|
|
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
42.3%