CVSS: 5.4EPSS: 0%CPEs: 48EXPL: 0CVE-2017-1160
https://notcve.org/view.php?id=CVE-2017-1160
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. IBM Financial Transaction Manager para ACH Services para Multi-Platform 3.0.0.x es vulnerable a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001574 http://www.securityfocus.com/bid/97666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2016-5920
https://notcve.org/view.php?id=CVE-2016-5920
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web UI en IBM Financial Transaction Manager (FTM) para ACH Services 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537 http://www-01.ibm.com/support/docview.wss?uid=swg21989060 http://www.securityfocus.com/bid/92634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3060
https://notcve.org/view.php?id=CVE-2016-3060
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Payments Director en IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a través de un sitio web manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063 http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064 http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537 http://www-01.ibm.com/support/docview.wss?uid=swg21989060 http://www.securityfocus.com/bid/92633 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0231
https://notcve.org/view.php?id=CVE-2016-0231
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs. IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0 en versiones anteriores a FP12 permite a usuarios remotos autenticados obtener información sensible mediante la lectura de detalles de excepción en logs de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI56757 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56758 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56759 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56762 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2016-0232
https://notcve.org/view.php?id=CVE-2016-0232
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files. IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0 en versiones anteriores a FP12 permite a usuarios remotos autenticados obtener información sensible mediante la lectura de archivos README. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI56757 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56758 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56759 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56762 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •