Information Leakage: When an exception occurs, the resulting text displayed to the user may contain internal information.
Access Control: Could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.
Note: The CVE descriptions reference FTM for ACH Services, but they also apply to Check and CPS.
CVEID: CVE-2016-0231
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to obtain sensitive information contained in error logs.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110299 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-0232
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110300 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
- FTM for ACH v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, v3.0.0.11
- FTM for Check v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, v3.0.0.11
- FTM for CPS v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, v3.0.0.11
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
FTM for ACH Services | 3.0.0.0 through 3.0.0.11 | PI56757, PI56762 | Apply 3.0.0-FTM-ACH-MP-fp0012 or later.
FTM for Check Services | 3.0.0.0 through 3.0.0.11 | PI56758, PI56763 | Apply 3.0.0-FTM-Check-MP-fp0012 or later.
FTM for CPS Services | 3.0.0.0 through 3.0.0.11 | PI56759, PI56764 | Apply 3.0.0-FTM-CPS-MP-fp0012 or later.
None