6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
Financial Transaction Manager (FTM) for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services has addressed a potential information leakage vulnerability.
CVEID: CVE-2017-1538**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multiplatforms could allow an authenticated user to obtain sensitive information from an undocumented URL.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
- FTM for ACH Services v3.0.2.0 - 3.0.2.1, v3.0.3.0, v3.0.4.0
- FTM for Check Services v3.0.2.0 - 3.0.2.1, v3.0.3, 3.0.4.0
- FTM for CPS v3.0.2.0 - 3.0.2.1, v3.0.3, v3.0.4.0
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for ACH Services| 3.0.2.0 through 3.0.2.1,
3.0.3.0,
3.0.4.0| PI87194| 3.0.2 apply 3.0.2.1-FTM-ACH-MP-iFix0006 or later.
3.0.3 apply 3.0.3.0-FTM-ACH-MP-iFix0004 or later.
3.0.4 apply 3.0.4.0-FTM-ACH-MP-iFix0002 or later, or 3.0.4-FTM-ACH-MP-fp0001 or later
FTM for Check Services| 3.0.2.0 through 3.0.2.1,
3.0.3.0,
3.0.4.0| PI87194| 3.0.2 apply 3.0.2.1-FTM-Check-MP-iFix0006 or later.
3.0.3 apply 3.0.4.0-FTM-Check-MP-iFix0002 or later
3.0.4 apply 3.0.4.0-FTM-Check-MP-iFix0002 or later.
FTM for CPS| 3.0.2.0 through 3.0.2.1,
3.0.3,
3.0.4| PI87194| 3.0.2 apply 3.0.2.1-FTM-CPS-MP-iFix0006 or later.
3.0.3 apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later
3.0.4 apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later.
None
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N