Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential cross-site request forgery vulnerability (CVE-2018-1790)

2019-08-1411:50:13

www.ibm.com

0.001 Low

EPSS

Percentile

26.4%

JSON

Summary

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Vulnerability Details

CVEID:CVE-2018-1790
**DESCRIPTION:*IBM Financial Transaction Manager for Digital Payments for Multi-Platform is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148944> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

FTM CPS v2.1.1.0 - 2.1.1.4

Remediation/Fixes

Product

VRMF

APAR

Remediation/First Fix

—|—|—|—

FTM CPS

2.1.1.0 - 2.1.1.4

PH02847

2.1.1-FTM-CPS-MP-FP0005

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq2.1.1

CPE	Name	Operator	Version
	ibm financial transaction manager	eq	2.1.1

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for DF1B01F27EA796CD8CC8166BC2B4AB66EC0052125472A91AC45DF338FC97973A