CVE-2018-1847

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) versions 2.0.0.0 through 2.0.0.5 IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) versions 2.1.0.0 through 2.1.0.4 IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) versions 2.1.1.0 through 2.1.1.4 IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) versions 3.0.0.0 through 3.0.0.8

Description The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Recommendations For versions 2.0.0.0 through 2.0.0.5, update to a version outside of this range to mitigate the risk. For versions 2.1.0.0 through 2.1.0.4, update to a version outside of this range to mitigate the risk. For versions 2.1.1.0 through 2.1.1.4, update to a version outside of this range to mitigate the risk. For versions 3.0.0.0 through 3.0.0.8, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.