Jun 16, 2018 - 8:12 p.m.

Security Bulletin: Financial Transaction Manager for ACH Services has a potential Information Disclosure vulnerability (CVE-2018-1393)

2018-06-16 20:12:57
www.ibm.com
EPSS: 0.001 (Low), percentile 27.0%

Summary

Financial Transaction Manager (FTM) for ACH Services has addressed a potential Information Disclosure vulnerability for some web services in the web services component.

Vulnerability Details

CVEID: CVE-2018-1393
DESCRIPTION: IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138378> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

- FTM for ACH Services v3.0.6

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
FTM for ACH Services | 3.0.6.0 | PI93293 | Refer to FTM Knowledge Center > Financial Transaction Manager for Multiplatforms 3.0.6 > Payment Feature Services > RESTful web services > RESTful web services security > section HTTP header logging security


Workarounds and Mitigations

This is a potential vulnerability whose solution depends on your infrastructure configuration.
