Jun 16, 2018 - 8:11 p.m.

Security Bulletin: Financial Transaction Manager for ACH Services, Check Services, and Corporate Payment Services has a potential information leakage vulnerability (CVE-2017-1538)

2018-06-16 20:11:36
www.ibm.com
CVSS3: 6.5 Medium

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4 Medium

- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

Summary

Financial Transaction Manager (FTM) for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services has addressed a potential information leakage vulnerability.

Vulnerability Details

CVEID: CVE-2017-1538
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multiplatforms could allow an authenticated user to obtain sensitive information from an undocumented URL.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

- FTM for ACH Services v3.0.2.0 - 3.0.2.1, v3.0.3.0, v3.0.4.0

- FTM for Check Services v3.0.2.0 - 3.0.2.1, v3.0.3, 3.0.4.0

- FTM for CPS v3.0.2.0 - 3.0.2.1, v3.0.3, v3.0.4.0

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
FTM for ACH Services | 3.0.2.0 through 3.0.2.1,<br>3.0.3.0,<br>3.0.4.0 | PI87194 | 3.0.2 apply 3.0.2.1-FTM-ACH-MP-iFix0006 or later.<br>3.0.3 apply 3.0.3.0-FTM-ACH-MP-iFix0004 or later.<br>3.0.4 apply 3.0.4.0-FTM-ACH-MP-iFix0002 or later, or 3.0.4-FTM-ACH-MP-fp0001 or later
FTM for Check Services | 3.0.2.0 through 3.0.2.1,<br>3.0.3.0,<br>3.0.4.0 | PI87194 | 3.0.2 apply 3.0.2.1-FTM-Check-MP-iFix0006 or later.<br>3.0.3 apply 3.0.4.0-FTM-Check-MP-iFix0002 or later<br>3.0.4 apply 3.0.4.0-FTM-Check-MP-iFix0002 or later.
FTM for CPS | 3.0.2.0 through 3.0.2.1,<br>3.0.3,<br>3.0.4 | PI87194 | 3.0.2 apply 3.0.2.1-FTM-CPS-MP-iFix0006 or later.<br>3.0.3 apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later<br>3.0.4 apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later.

Workarounds and Mitigations

None
