IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758)

Financial Transaction Manager (FTM) for ACH Services and FTM for Corporate Payment Services (CPS) has addressed a potential XML External Entity vulnerability. For some web services, if the request is intercepted and modified, the XML payload could take advantage of XML External Entity Injection to cause denial of service.

CVE(s): CVE-2017-1758

Affected product(s) and affected version(s):

– FTM for ACH Services v3.0.2, v3.0.3, v3.0.4, v3.1.0

– FTM for CPS v3.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012828
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135859

The post IBM Security Bulletin: Financial Transaction Manager for ACH Services and Corporate Payment Services has a potential XML External Entity vulnerability (CVE-2017-1758) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2EIO6Ur