Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC5C206BF70CC93C163131F93872378006A139D3ADE7BE7E730BFABA70D7143DA
HistoryJun 16, 2018 - 8:13 p.m.

Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390)

2018-06-1620:13:29
www.ibm.com
1

0.001 Low

EPSS

Percentile

25.4%

JSON

Summary

There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services

Vulnerability Details

CVEID: CVE-2018-1390**
DESCRIPTION:** IBM Financial Transaction Manager for Check Services for Multi-Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138221&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

- FTM for Check Services v3.0.0, v3.0.2, v3.0.5

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for Check Services| 3.0.0
3.0.2.1, 3.0.5.0| PI95429| 3.0.0 apply 3.0.0.15-FTM-Check-MP-iFix0014 or later.
3.0.2 apply 3.0.2.1-FTM-Check-MP-iFix0010 or later.
3.0.5 apply 3.0.5.0-FTM-Check-MP-iFix0001 or later.

Workarounds and Mitigations

None

Related

cvelist 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2018-1390
2018-03-22 00:00:00
cve
cve
CVE-2018-1390
2018-03-30 16:29:00
prion
prion
Cross site scripting
2018-03-30 16:29:00
nvd
nvd
CVE-2018-1390
2018-03-30 16:29:00

0.001 Low

EPSS

Percentile

25.4%

JSON
Related for C5C206BF70CC93C163131F93872378006A139D3ADE7BE7E730BFABA70D7143DA
cvelist1cve1prion1nvd1