Medium Severity

IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EDT

Categorized: Medium Severity

Share this post:

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files.

CVE(s): CVE-2018-2026

Affected product(s) and affected version(s):

FTM CPS v3.2.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795544
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155552


Previous Post

IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Next Post

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager
More stories

IBM Security Bulletin: IBM Cloud Private ingress log files contain sensitive information (CVE-2019-4284)

Aug 2, 2019 9:01 am EDT | Medium Severity

IBM Cloud Private ingress log files contain sensitive information CVE(s): CVE-2019-4284 Affected product(s) and affected version(s):IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885454X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160512 ...read more

IBM Security Bulletin: IBM MQ clients are vulnerable to a denial of service attack caused by consuming specifically crafted messages (CVE-2019-4261)

Aug 2, 2019 9:01 am EDT | Medium Severity

An error was found with the IBM MQ client message handling logic that causes a denial of service attack when specifically crafted messages are consumed. CVE(s): CVE-2019-4261 Affected product(s) and affected version(s):IBM WebSphere MQ V7.1 versions 7.1.0.0 – 7.1.0.9 IBM WepSphere MQ V7.5 versions 7.5.0.0 – 7.5.0.9 IBM MQ V8 versions 8.0.0.0 – 8.0.0.11 IBM ...read more

IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Aug 2, 2019 9:00 am EDT | Medium Severity

Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVE(s): CVE-2018-15494 Affected product(s) and affected version(s): FTM DP v3.2.0.0 ...read more