CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4906
https://notcve.org/view.php?id=CVE-2020-4906
16 Dec 2020 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, permite que las páginas web sean almacenadas localmente y que puedan ser leídas por otro usuario en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/191110 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4905
https://notcve.org/view.php?id=CVE-2020-4905
16 Dec 2020 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, podría permitir a un atacante remoto obtener información confidencial, causada por un ataque de tipo man in the middle. Mediante bandas SSL, un atacan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191109 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4904
https://notcve.org/view.php?id=CVE-2020-4904
16 Dec 2020 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191106 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4560
https://notcve.org/view.php?id=CVE-2020-4560
03 Aug 2020 — IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcional... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4328
https://notcve.org/view.php?id=CVE-2020-4328
03 Aug 2020 — IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir a un atacante visualizar, agregar, modificar o eliminar información en la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/177839 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4744
https://notcve.org/view.php?id=CVE-2019-4744
20 Dec 2019 — IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882. IBM Financial Transaction Manager versión 3.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, al... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4743
https://notcve.org/view.php?id=CVE-2019-4743
20 Dec 2019 — IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880. IBM Financial Transaction Manager versión 3.0, no establece el atributo seguro en los tokens de autorización o cooki... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172880 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4742
https://notcve.org/view.php?id=CVE-2019-4742
20 Dec 2019 — IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. IBM Financial Transaction Manager versión 3.0, podría permitir a un atacante remoto secuestrar la acción de clic de la víctima. Al persuadir a una víctima para que visite un sit... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172877 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4736
https://notcve.org/view.php?id=CVE-2019-4736
20 Dec 2019 — IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706. IBM Financial Transaction Manager versión 3.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 172706. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172706 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1847
https://notcve.org/view.php?id=CVE-2018-1847
18 Sep 2019 — IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946. IBM Financial Transaction Manager (FTM) para multiplataforma (MP) versiones v2.0.0.0 hasta 2.0.0.5, versiones v2.1.0... • https://exchange.xforce.ibmcloud.com/vulnerabilities/150946 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •