History: Jun 16, 2018 - 7:59 p.m.

Security Bulletin: IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services: Information leakage and Access Control (CVE-2016-0231, CVE-2016-0232)

2018-06-16 19:59:04
www.ibm.com
EPSS: 0.002 Low
Percentile: 59.1%

Summary

Information Leakage: When an exception occurs, the resulting text displayed to the user may contain internal information.
Access Control: Could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.
Note: The CVE descriptions reference FTM for ACH Services, but they also apply to Check and CPS.

Vulnerability Details

CVEID: CVE-2016-0231
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to obtain sensitive information contained in error logs.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110299 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0232
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110300 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

- FTM for ACH v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11

- FTM for Check v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11

- FTM for CPS v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11

Remediation/Fixes

Product| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for ACH Services| 3.0.0.0 through 3.0.0.11| PI56757, PI56762| Apply 3.0.0-FTM-ACH-MP-fp0012 or later.
FTM for Check Services| 3.0.0.0 through 3.0.0.11| PI56758, PI56763| Apply 3.0.0-FTM-Check-MP-fp0012 or later.
FTM for CPS Services| 3.0.0.0 through 3.0.0.11| PI56759, PI56764| Apply 3.0.0-FTM-CPS-MP-fp0012 or later.

Workarounds and Mitigations

None
