Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services for Multi-Platform

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 7 or Version 8 by Financial Transaction Manager for ACH Services for Multi-Platform (FTM ACH). Financial Transaction Manager for ACH Services for Multi-Platform has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

FTM ACH: v3.0.6.0 - 3.0.6.7, v3.1.0.0 - 3.1.0.3

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—
FTM ACH | 3.0.6.0 - 3.0.6.7 | PH11962 | 3.0.6-FTM-ACH-MP-fp0008
FTM ACH | 3.1.0.0 - 3.1.0.3 | PH11962 |

3.1.0.3-FTM-ACH-MP-iFix0006

Workarounds and Mitigations

None