Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4556 | 1 Ibm | 1 Financial Transaction Manager | 2023-03-22 | N/A | 3.3 LOW |
| IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. | |||||
| CVE-2020-5002 | 1 Ibm | 1 Financial Transaction Manager | 2023-03-16 | N/A | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | |||||
| CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2023-03-09 | N/A | 7.5 HIGH |
| IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | |||||
| CVE-2020-5026 | 1 Ibm | 1 Financial Transaction Manager | 2023-03-09 | N/A | 7.5 HIGH |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. | |||||
| CVE-2020-5000 | 1 Ibm | 1 Financial Transaction Manager | 2023-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | |||||
| CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2023-02-14 | N/A | 5.5 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
| CVE-2022-43872 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2023-02-14 | N/A | 5.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2023-02-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | |||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | |||||
| CVE-2021-39044 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. | |||||
| CVE-2021-39066 | 1 Ibm | 1 Financial Transaction Manager | 2022-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. | |||||
| CVE-2020-5003 | 1 Ibm | 1 Financial Transaction Manager | 2021-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. | |||||
| CVE-2020-4555 | 1 Ibm | 1 Financial Transaction Manager | 2020-12-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. | |||||
| CVE-2020-4560 | 1 Ibm | 1 Financial Transaction Manager | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2018-1790 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | |||||
| CVE-2018-1819 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023. | |||||
| CVE-2018-2026 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552. | |||||
| CVE-2018-1871 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. | |||||
| CVE-2018-1390 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. | |||||