CVE-2017-1758

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:financial_transaction_manager:3.0.2.0:*:*:*:*:cps_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.2.1:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.4.0:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.2.0:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.3.0:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.1.0.0:*:*:*:*:ach_services:*:*

Configuration 2 (hide)

cpe:2.3:a:ibm:transformation_extender_advanced:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:control_center:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:control_center:6.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:control_center:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:control_center:6.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:control_center:6.1.0.0:*:*:*:*:*:*:*

Information

Published : 2018-02-21 13:29

Updated : 2018-03-12 08:39


NVD link : CVE-2017-1758

Mitre link : CVE-2017-1758


JSON object : View

CWE
CWE-611

Improper Restriction of XML External Entity Reference

Advertisement

dedicated server usa

Products Affected

ibm

  • control_center
  • financial_transaction_manager
  • transformation_extender_advanced