
CVSS: 8.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
• References: http://www.ibm.com/support/docview.wss?uid=swg22011179 http://www.securityfocus.com/bid/102049 https://exchange.xforce.ibmcloud.com/vulnerabilities/132926
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
• References: http://www.ibm.com/support/docview.wss?uid=swg22008385 http://www.securityfocus.com/bid/101198 https://exchange.xforce.ibmcloud.com/vulnerabilities/130735
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.4 • EPSS: 0% • CPEs: 48 • EXPL: 0

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
• References: http://www.ibm.com/support/docview.wss?uid=swg22001574 http://www.securityfocus.com/bid/97666
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
• References: http://www.ibm.com/support/docview.wss?uid=swg22001551 http://www.securityfocus.com/bid/99237
• CWE-384: Session Fixation

CVSS: 5.4 • EPSS: 0% • CPEs: 47 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• References: http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537 http://www-01.ibm.com/support/docview.wss?uid=swg21989060 http://www.securityfocus.com/bid/92634
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')