IBME1E0DA3D7EF77905F5138FB7DC066C6207E188D3E4C7496EE42EC49C55D4CEBBSecurity Bulletin: Financial Transaction Manager for Corporate Payment Services Access Control: Information leakage in error handling (CVE-2016-0231 )
0.002 Low
EPSS
Percentile
59.2%
Summary
Information Leakage: When an exception occurs the resulting text displayed to the user might contain internal information.
Vulnerability Details
CVEID: CVE-2016-0231**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated user to obtain sensitive information contained in error logs.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110299 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3
Remediation/Fixes
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for Corporate Payment Services| 2.1.1.0,
2.1.1.1,
2.1.1.2,
2.1.1.3| PI56761| Apply 2.1.1-FTM-CPS-MP-fp0004 or later
Workarounds and Mitigations
None
Related
0.002 Low
EPSS
Percentile
59.2%