CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43872 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-43872
20 Dec 2022 — IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4575
https://notcve.org/view.php?id=CVE-2019-4575
15 Jun 2022 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. IBM Financial Transaction Manager for Digital Payments for Multi-Platform versiones 3.2.0 hasta 3.2.9, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente... • https://exchange.xforce.ibmcloud.com/vulnerabilities/166801 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39066
https://notcve.org/view.php?id=CVE-2021-39066
02 Feb 2022 — IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. IBM Financial Transaction Manager versión 3.2.4, no invalida la sesión de cualquier identificador de sesión existente da a un atacante la oportunidad de robar sesiones autenticadas. IBM X-Force ID: 215040 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215040 • CWE-384: Session Fixation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39044
https://notcve.org/view.php?id=CVE-2021-39044
02 Feb 2022 — IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 214210 • https://exchange.xforce.ibmcloud.com/vulnerabilities/214210 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29841
https://notcve.org/view.php?id=CVE-2021-29841
14 Sep 2021 — IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario web, al... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5000
https://notcve.org/view.php?id=CVE-2020-5000
15 Jun 2021 — IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. IBM Financial Transaction Manager versiones 3.0.2 y 3.2.4, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la inter... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192952 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5003
https://notcve.org/view.php?id=CVE-2020-5003
11 Jun 2021 — IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir r... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192956 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4555
https://notcve.org/view.php?id=CVE-2020-4555
21 Dec 2020 — IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. IBM Financial Transaction Manager versiones 3.0.6 y 3.1.0, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 183328 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183328 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4908
https://notcve.org/view.php?id=CVE-2020-4908
16 Dec 2020 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, devuelve la versión del producto y la información de release en el diálogo de inicio de sesión. Esta información podría ser usada en futuros ataques contra el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/191113 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4907
https://notcve.org/view.php?id=CVE-2020-4907
16 Dec 2020 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Est... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191112 • CWE-209: Generation of Error Message Containing Sensitive Information •