CVE-2018-1847

Summary

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946.

Affected Software

VendorProductVersion RangeStatus
IBMFinancial Transaction Manager2.1affected
IBMFinancial Transaction Manager2.0affected
IBMFinancial Transaction Manager2.1.1.2affected
IBMFinancial Transaction Manager3.0.0.0affected
IBMFinancial Transaction Manager3.0.0.1affected
IBMFinancial Transaction Manager3.0.0.2affected
IBMFinancial Transaction Manager2.1.1.0affected
IBMFinancial Transaction Manager3.0.0.3affected
IBMFinancial Transaction Manager3.0.0.4affected
IBMFinancial Transaction Manager3.0.0.5affected
IBMFinancial Transaction Manager3.0.0.6affected
IBMFinancial Transaction Manager3.0.0.7affected
IBMFinancial Transaction Manager3.0affected
IBMFinancial Transaction Manager3.0.0.8affected
IBMFinancial Transaction Manager2.1.1.1affected
IBMFinancial Transaction Manager2.1.1.3affected
IBMFinancial Transaction Manager2.1.1.4affected
IBMFinancial Transaction Manager2.1.1affected
IBMFinancial Transaction Manager2.0.0.0affected
IBMFinancial Transaction Manager2.0.0.1affected
IBMFinancial Transaction Manager2.0.0.2affected
IBMFinancial Transaction Manager2.0.0.3affected
IBMFinancial Transaction Manager2.0.0.4affected
IBMFinancial Transaction Manager2.0.0.5affected
IBMFinancial Transaction Manager2.1.0affected
IBMFinancial Transaction Manager2.1.0.0affected
IBMFinancial Transaction Manager2.1.0.1affected
IBMFinancial Transaction Manager2.1.0.2affected
IBMFinancial Transaction Manager2.1.0.3affected
IBMFinancial Transaction Manager2.1.0.4affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References