Page 2 of 18 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192953 https://www.ibm.com/support/pages/node/6958504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizaciones. ID de IBM X-Force: 240034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 https://www.ibm.com/support/pages/node/6848881 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de IBM X-Force: 239708. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 https://www.ibm.com/support/pages/node/6848881 • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. IBM Financial Transaction Manager for Digital Payments for Multi-Platform versiones 3.2.0 hasta 3.2.9, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166801 https://www.ibm.com/support/pages/node/6594797 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. IBM Financial Transaction Manager versión 3.2.4, no invalida la sesión de cualquier identificador de sesión existente da a un atacante la oportunidad de robar sesiones autenticadas. IBM X-Force ID: 215040 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215040 https://www.ibm.com/support/pages/node/6527892 • CWE-384: Session Fixation •