NotCVE - vendor:"Ibm" product:"Financial Transaction Manager" version:"2.1.1.2"

Page 2 of 7 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-0268

https://notcve.org/view.php?id=CVE-2016-0268

XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915. Vulnerabilidad de XEE (XML External Entity) en IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 y versiones 3.0.0.x anteriores a fp0013; Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 y versiones 3.0.0.x anteriores a fp0013 y Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 y versiones 3.0.0.x anteriores a fp0013 permite que usuarios autenticados remotos obtengan información sensible mediante datos XML manipulados. IBM X-Force ID: 110915. • http://www-01.ibm.com/support/docview.wss?uid=swg21977245 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2014-8917

https://notcve.org/view.php?id=CVE-2014-8917

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (también conocido como upload.swf), (2) dojox/form/resources/fileuploader.swf (también conocido como fileupload.swf), (3) dojox/av/resources/audio.swf, y (4) dojox/av/resources/video.swf en el juego de herramientas de IBM Dojo, utilizado en IBM Social Media Analytics 1.3 anterior a IF11 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62590 http://secunia.com/advisories/62837 http://www-01.ibm.com/support/docview.wss?uid=swg21694693 http://www-01.ibm.com/support/docview.wss?uid=swg21696013 http://www.securityfocus.com/bid/72903 http://www.securitytracker.com/id/1032376 https://exchange.xforce.ibmcloud.com/vulnerabilities/99303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2