Information disclosure in Financial Transaction Manager - CVE-2016-0231
Published: February 16, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40480
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0231
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Financial Transaction Manager
Financial Transaction Manager
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.
How to mitigate CVE-2016-0231
Install update from vendor's website.
Sources
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56757
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56758
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56759
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56762
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56763
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI56764
- http://www-01.ibm.com/support/docview.wss?uid=swg21976392