Lucene search

IBM2251A254E998CC9BF4ED4B2AA6CD412774544CEAEC44FFC10CE86D33B617D968

HistoryFeb 13, 2020 - 6:40 p.m.

Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for Digital Payments

2020-02-1318:40:29

www.ibm.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Digital Payments. Financial Transaction Manager for Digital Payments (FTM DP) has addressed the applicable CVE.<br>If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the "IBM Java SDK Security Bulletin", located in the References section for more information.

Vulnerability Details

CVEID:CVE-2019-2964
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Financial Transaction Manager for Digital Payments for Multi-Platform	3.2.2

Remediation/Fixes

Product

VRMF

APAR

Remediation / First Fix

—|—|—|—
FTM DP | 3.2.2.0 - 3.2.2.1 | PH19963 | 3.2.2.1-FTM-DP-MP-iFix0001

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq3.2.2

CPE	Name	Operator	Version
	ibm financial transaction manager	eq	3.2.2

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for 2251A254E998CC9BF4ED4B2AA6CD412774544CEAEC44FFC10CE86D33B617D968