Financial Transaction Manager (FTM) for ACH Services has addressed a potential input validation vulnerability for some web services in the web services component.
CVEID: CVE-2018-1392**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138377> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
- FTM for ACH Services v3.0.4, v3.1.0
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for ACH Services| 3.0.4.0
3.1.0| PI93292| 3.0.4 apply 3.0.4.1-FTM-ACH-MP-iFix0001 or later.
3.1.0 apply 3.1.0-FTM-ACH-MP-fp0001 or later.
|
|
|
|
|
|
|
|
|
None