Lucene search

K
ibmIBM7E120392C6B27EF023444674C7B2E2BB0AF1032844B5941C3D340385D2344B0E
HistoryFeb 21, 2020 - 5:52 p.m.

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential validation vulnerability (CVE-2019-10086)

2020-02-2117:52:58
www.ibm.com
12

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Beanutils module could allow unauthorized access to the classloader.

Vulnerability Details

CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/166353&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

v3.0.2.0 - 3.0.2.1, v3.2.1.0

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation/First Fix

—|—|—|—
FTM CPS | 3.0.2.0 - 3.0.2.1 | PH16877 | 3.0.2.1-FTM-CPS-MP-iFix0020
FTM CPS | 3.2.1.0 | PH16877 | 3.2.1.0-FTM-CPS-MP-iFix0002

Workarounds and Mitigations

None

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for 7E120392C6B27EF023444674C7B2E2BB0AF1032844B5941C3D340385D2344B0E