Security Bulletin: Financial Transaction Manager for Check Services: Information Leakage in configuration listing (CVE-2018-1670)

2019-01-2900:45:01

www.ibm.com

0.001 Low

EPSS

Percentile

26.6%

JSON

Summary

IBM Financial Transaction Manager for Check Services (FTM CHK) for Multi-Platform could allow an authenticated user to obtain sensitive product configuration information from log files.

Vulnerability Details

CVEID: CVE-2018-1670 DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to obtain sensitive product configuration information from log files.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144946> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

FTM CHK v3.0.0.0-3.0.0.15, v3.0.2.0 - 3.0.2.1, v3.0.5.0-3.0.5.1

Remediation/Fixes

Product

VRMF

APAR

Remediation/First Fix

—|—|—|—
FTM CHK | 3.0.0.0-3.0.0.15 | PH02829 | 3.0.0.15-FTM-Check-MP-iFix0015
FTM CHK | 3.0.2.0 - 3.0.2.1 | PH02829 | 3.0.2.1-FTM-Check-MP-iFix0015
FTM CHK | 3.0.5.0-3.0.5.1 | PH02829 | _ 3.0.5-FTM-Check-MP-fp0002 _

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq3.0.2
ibm financial transaction managereq3.0.5
ibm financial transaction managereq3.0.0

Name	Operator	Version
ibm financial transaction manager	eq	3.0.2
ibm financial transaction manager	eq	3.0.5
ibm financial transaction manager	eq	3.0.0

0.001 Low

EPSS

Percentile

26.6%

JSON

Related for AB84043ED2F8ABB66164D93C1BAB2F5A32B92CE3425312BA053BD24518B186B9