Information disclosure in IBM Financial Transaction Manager



| Updated: 2020-08-09
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-0232
CWE-ID CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Financial Transaction Manager
Client/Desktop applications / Other client software

Vendor IBM Corporation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU40479

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-0232

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Financial Transaction Manager: 3.0.0.0 - 3.0.0.11

CPE2.3 External links

https://www-01.ibm.com/support/docview.wss?uid=swg1PI56757
https://www-01.ibm.com/support/docview.wss?uid=swg1PI56758
https://www-01.ibm.com/support/docview.wss?uid=swg1PI56759
https://www-01.ibm.com/support/docview.wss?uid=swg1PI56762
https://www-01.ibm.com/support/docview.wss?uid=swg1PI56763
https://www-01.ibm.com/support/docview.wss?uid=swg1PI56764
https://www-01.ibm.com/support/docview.wss?uid=swg21976392


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###