Security Bulletin: Financial Transaction Manager for Corporate Payment Services 2.1.1: Information Leakage in configuration listing (CVE-2018-1670)

2019-02-2217:25:01

www.ibm.com

0.001 Low

EPSS

Percentile

26.6%

JSON

Summary

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform could allow an authenticated user to obtain sensitive product configuration information from log files.

Vulnerability Details

CVEID: CVE-2018-1670 DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to obtain sensitive product configuration information from log files.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144946> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

FTM CPS v2.1.1.0 - 2.1.1.4

Remediation/Fixes

Product

VRMF

APAR

Remediation/First Fix

—|—|—|—

FTM CPS

2.1.1.0 - 2.1.1.4

PH02831

2.1.1-FTM-CPS-MP-fp0005

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq2.1.1

CPE	Name	Operator	Version
	ibm financial transaction manager	eq	2.1.1

0.001 Low

EPSS

Percentile

26.6%

JSON

Related for 2415730A645321845F6676A905931ACCCEBCB38AA5CF06BC701C0B370AF06B78