CVE-2018-1819
Description
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Financial Transaction Manager for Multi-Platform is vulnerable to SQL injection in versions 3.0.2, 3.0.4, 3.0.6, and 3.2.0, allowing remote authenticated attackers to read or modify database data.
Vulnerability
IBM Financial Transaction Manager for Digital Payments for Multi-Platform versions 3.0.2, 3.0.4, 3.0.6, and 3.2.0, as well as related products FTM ACH (3.0.6.0-3.0.6.2, 3.1.0.0-3.1.0.2), FTM CPS (3.0.2.0-3.0.2.1), and FTM DP (3.2.0.0), are vulnerable to SQL injection. The vulnerability exists in the SOAP web services component [1][2][3].
Exploitation
A remote attacker with low privileges can send specially-crafted SQL statements via SOAP web services. The CVSS v3.0 vector indicates network access, low complexity, and no user interaction required [1][2][3].
Impact
Successful exploitation could allow the attacker to view, add, modify, or delete information in the back-end database, impacting confidentiality, integrity, and availability (CVSS 6.3) [1][2][3].
Mitigation
If SOAP web services are not used, remove WebServices.ear from WebSphere Application Server instances. IBM has not released patches as of the advisory date; check for updates via IBM support [1][2][3].
- Security Bulletin: Financial Transaction Manager for ACH Services for Multi-Platform is affected by a potential SQL Injection vulnerability CVE-2018-1819
- Security Bulletin: Financial Transaction Manager for Corporate Payment Services for Multi-Platform is affected by a potential SQL Injection vulnerability CVE-2018-1819
- Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by a potential SQL Injection vulnerability CVE-2018-1819
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 3.0.2, 3.0.4, 3.0.6, 3.2.0
- Range: 3.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- exchange.xforce.ibmcloud.com/vulnerabilities/150023mitrevdb-entryx_refsource_XF
News mentions
0No linked articles in our index yet.