Arbitrary Code Execution via Crafted Serialized JMS ObjectMessage in IBM Financial Transaction Manager (FTM)

CVE-2016-0276 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allow remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084.