CVE-2017-1758

Summary

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.

Affected Software

VendorProductVersion RangeStatus
IBMControl Center6.0affected
IBMControl Center6.1affected
IBMControl Center6.1.1affected
IBMFinancial Transaction Manager3.0.2affected
IBMFinancial Transaction Manager3.0.2.0affected
IBMFinancial Transaction Manager3.0.2.1affected
IBMFinancial Transaction Manager3.0.4affected
IBMFinancial Transaction Manager3.0.4.0affected
IBMFinancial Transaction Manager3.1.0affected
IBMFinancial Transaction Manager3.1.0.0affected
IBMFinancial Transaction Manager3.0.3affected
IBMFinancial Transaction Manager3.0.3.0affected
IBMTransformation Extender Advanced9.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References