Information disclosure in Financial Transaction Manager - CVE-2016-0232
Published: February 16, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40479
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0232
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Financial Transaction Manager
Financial Transaction Manager
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
How to mitigate CVE-2016-0232
Install update from vendor's website.
Sources
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56757
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56758
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56759
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56762
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56763
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56764
- http://www-01.ibm.com/support/docview.wss?uid=swg21976392