CVE-2018-1847
Description
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Financial Transaction Manager for Multi-Platform versions 2.0.0.0 through 3.0.0.8 are vulnerable to path traversal in the Save/Export function, allowing remote authenticated attackers to view arbitrary files.
Vulnerability
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) versions 2.0.0.0 through 2.0.0.5, 2.1.0.0 through 2.1.0.4, 2.1.1.0 through 2.1.1.4, and 3.0.0.0 through 3.0.0.8 are vulnerable to a path traversal attack via the Save/Export function available on search result displays [1]. The vulnerability allows sending a specially-crafted URL request containing "dot dot" sequences (/../) to access files outside the intended directory. Versions 3.2.0 and 3.2.2 are not affected.
Exploitation
Exploitation requires authentication with low privileges (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) [1]. An attacker can send a crafted URL to the vulnerable Save/Export endpoint, using path traversal sequences to read arbitrary files on the system. No user interaction is needed beyond the attacker's own session.
Impact
Successful exploitation allows an attacker to read arbitrary files from the system, leading to information disclosure. The confidentiality impact is low, and there is no impact to integrity or availability [1].
Mitigation
IBM recommends upgrading to the latest version of Financial Transaction Manager and obtaining the latest OAC (Web UI) from Fix Central [1]. For v3.0.0.x, upgrade to v3.0.0.9. The OAC from the latest product versions supports the affected fixpack levels (2.0.0.5, 2.1.0.4, 2.1.1.4, and 3.0.0.9) [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.0.0.0-2.0.0.5, 2.1.0.0-2.1.0.4, 2.1.1.0-2.1.1.4, 3.0.0.0-3.0.0.8
- Range: 2.1
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/150946 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/security-bulletin-path-traversal-exposure-saveexport-function-ftm-oac (mitre, x_refsource_CONFIRM)