Security Bulletin: Financial Transaction Manager for Corporate Payment Services Access Control: Information Disclosure - Dojo Readme's (CVE-2016-0232)

Summary

IBM Financial Transaction Manager for Corporate Payment Services for Multi-Platform could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.

Vulnerability Details

CVEID: CVE-2016-0232**
DESCRIPTION:** IBM Financial Transaction Manager for ACH Services for Multi-Platform could allow an authenticated attacker to obtain sensitive information from README files that could aid in further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110300 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for Corporate Payment Services| 2.1.1.0, 2.1.1.1, 2.1.1.2| PI56766| Apply 2.1.1-FTM-CPS-MP-fp0003 or later

Workarounds and Mitigations

None