CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5002 – IBM Financial Transaction Manager security bypass
https://notcve.org/view.php?id=CVE-2020-5002
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192954 https://www.ibm.com/support/pages/node/6958504 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5001 – IBM Financial Transaction Manager path traversal
https://notcve.org/view.php?id=CVE-2020-5001
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192953 https://www.ibm.com/support/pages/node/6958504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2022-43875
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizaciones. ID de IBM X-Force: 240034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 https://www.ibm.com/support/pages/node/6848881 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43872 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-43872
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de IBM X-Force: 239708. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 https://www.ibm.com/support/pages/node/6848881 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4575
https://notcve.org/view.php?id=CVE-2019-4575
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. IBM Financial Transaction Manager for Digital Payments for Multi-Platform versiones 3.2.0 hasta 3.2.9, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/166801 https://www.ibm.com/support/pages/node/6594797 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •