Financial Transaction Manager (FTM) for ACH Services and FTM for Corporate Payment Services have addressed a potential cross-site scripting vulnerability.
CVEID: CVE-2017-1634
DESCRIPTION: IBM Financial Transaction Manager (FTM) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133242 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
- FTM for ACH Services v3.0.0, v3.0.1, v3.0.2.0 - 3.0.2.1, v3.0.3, v3.0.4
- FTM for CPS v3.0.0, v3.0.1, v3.0.2.0 - 3.0.2.1, v3.0.3, v3.0.4
Product | VRMF | APAR | Remediation/First Fix
—|—|—|—
FTM for ACH Services | 3.0.0 | PI87192 | Apply 3.0.4-FTM-ACH-MP-fp0001 or later
FTM for ACH Services | 3.0.1 | PI87192 | Apply 3.0.4-FTM-ACH-MP-fp0001 or later
FTM for ACH Services | 3.0.2.0 through 3.0.2.1 | PI87192 | Apply 3.0.2.1-FTM-ACH-MP-iFix0006 or later
FTM for ACH Services | 3.0.3.0 | PI87192 | Apply 3.0.3.0-FTM-ACH-MP-iFix0004 or later
FTM for ACH Services | 3.0.4.0 | PI87192 | Apply 3.0.4.0-FTM-ACH-MP-iFix0002 or later, or 3.0.4-FTM-ACH-MP-fp0001 or later
FTM for CPS | 3.0.0 | PI87192 | Apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later
FTM for CPS | 3.0.1 | PI87192 | Apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later
FTM for CPS | 3.0.2.0 through 3.0.2.1 | PI87192 | Apply 3.0.2.1-FTM-CPS-MP-iFix0006 or later
FTM for CPS | 3.0.3 | PI87192 | Apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later
FTM for CPS | 3.0.4 | PI87192 | Apply 3.0.4.0-FTM-CPS-MP-iFix0002 or later
None