Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Payment Services

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 1.7 used by Financial Transaction Manager for Corporate Payment Services. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

Vulnerability Details

CVEID: CVE-2017-10356**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133785&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

- FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3, v2.1.1.4

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
FTM for Corporate Payment Services| 2.1.1.0,
2.1.1.1,
2.1.1.2,
2.1.1.3,
2.1.1.4| PI92757| Apply 2.1.1-FTM-CPS-MP-fp0005 or later

Workarounds and Mitigations

None