CVE-2017-1152

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager versions 3.0.1 through 3.0.2

Description The issue arises from the improper updating of the SESSIONID with each request, potentially allowing a user to obtain the ID for further attacks against the system.

Recommendations For versions 3.0.1 and 3.0.2, consider implementing a workaround to properly update the SESSIONID with each request until a patch is available. As a temporary mitigation measure, restrict access to sensitive areas of the system that rely on the SESSIONID for authentication.