Financial Transaction Manager (FTM) for ACH Services has addressed a potential Information Disclosure vulnerability for some web services in the web services component.
CVEID: CVE-2018-1393**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138378> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
- FTM for ACH Services v3.0.6
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for ACH Services| 3.0.6.0| PI93293| Refer to Refer to FTM Knowledge Center > Financial Transaction Manager for Multiplatforms 3.0.6 > Payment Feature Services > RESTful web services > RESTful web services security > section HTTP header logging security
|
|
|
|
|
|
|
|
|
This is a potential vulnerability whose solution depends on your infrastructure configuration.
CPE | Name | Operator | Version |
---|---|---|---|
ibm financial transaction manager | eq | 3.0.6 | |
ibm financial transaction manager | eq | 3.0.6.0 |