CVE-2016-0232Sensitive Information Exposure in IBM Financial Transaction Manager

CWE-200Sensitive Information ExposureCWE-20Improper Input ValidationCWE-78OS Command Injection6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 43.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Financial Transaction Manager
Timeline
PublishedFeb 15
Latest updateMay 17

Description

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-crx7-pjf2-9848: IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 32022-05-17
GHSA
Apache Tomcat OS Command Injection vulnerability2019-04-18
CVEList
CVE-2016-0232: IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 32016-02-15

💥Exploits & PoCs

1
Nuclei
Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

📋Vendor Advisories

1
Red Hat
tomcat: Remote Code Execution on Windows2019-04-10
CVE-2016-0232 — Sensitive Information Exposure in IBM | cvebase