Lucene search

IBM949632C2BEE51605D9D4FDAA8342C9FA5CAC1630DE4B68D361CE72D199B1E038

HistoryMar 12, 2020 - 7:33 p.m.

Security Bulletin: Vulnerability in IBM Java Runtime affect Financial Transaction Manager for ACH Services

2020-03-1219:33:03

www.ibm.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for ACH Services. Financial Transaction Manager for ACH Services (FTM ACH) has addressed the applicable CVE.<br>If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin”, located in the References section for more information.

Vulnerability Details

CVEID:CVE-2019-2964
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Financial Transaction Manager for ACH Services for Multi-Platform	3.1.0
Financial Transaction Manager for ACH Services for Multi-Platform	3.0.6

Remediation/Fixes

Product

VRMF

APAR

Remediation / First Fix

—|—|—|—

FTM ACH

3.0.6

PH19964

3.0.6-FTM-ACH-MP-fp0011

FTM ACH| 3.1.0| PH19964| 3.1.0.3-FTM-ACH-MP-iFix0015

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq3.0.6
ibm financial transaction managereq3.1.0

CPE	Name	Operator	Version
	ibm financial transaction manager	eq	3.0.6
	ibm financial transaction manager	eq	3.1.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for 949632C2BEE51605D9D4FDAA8342C9FA5CAC1630DE4B68D361CE72D199B1E038