CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1790
https://notcve.org/view.php?id=CVE-2018-1790
10 May 2019 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 es vulnerable a ataques CSRF, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía e... • http://www.ibm.com/support/docview.wss?uid=ibm10731607 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4032
https://notcve.org/view.php?id=CVE-2019-4032
05 Mar 2019 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. IBM Financial Transaction Manager para pagos digitales para para múltiples plataformas 3.1.0 es vulnerable a una inyección SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrí... • http://www.ibm.com/support/docview.wss?uid=ibm10869520 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2026
https://notcve.org/view.php?id=CVE-2018-2026
23 Jan 2019 — IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552. IBM Financial Transaction Manager 3.2.1 for Digital Payments podría permitir que un usuario autenticado obtenga una lista de directorios de archivos de producto internos. IBM X-Force ID: 155552. • http://www.ibm.com/support/docview.wss?uid=ibm10795536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1871
https://notcve.org/view.php?id=CVE-2018-1871
06 Dec 2018 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2 y 3.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilida... • http://www.ibm.com/support/docview.wss?uid=ibm10743123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-1819
https://notcve.org/view.php?id=CVE-2018-1819
04 Oct 2018 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 150023. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6 y 3.2.0 es vulnerable a inyección SQL. Un atacante remoto podría enviar instrucciones SQL espe... • http://www.ibm.com/support/docview.wss?uid=ibm10732357 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1670
https://notcve.org/view.php?id=CVE-2018-1670
04 Oct 2018 — IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946. IBM Financial Transaction Manager para ACH Services para Multi-Platform 3.0.2 puede permitir que un usuario autenticado obtenga información de configuración de productos sensible de los archivos de registro. IBM X-Force ID: 144946. • http://www.ibm.com/support/docview.wss?uid=ibm10731547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1393
https://notcve.org/view.php?id=CVE-2018-1393
13 Jun 2018 — IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 podría permitir que un usuario autenticado ejecute un comando especialmente manipulado que podría obtener información sensible. IBM X-Force ID: 138378. • http://www.ibm.com/support/docview.wss?uid=swg22013250 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1390
https://notcve.org/view.php?id=CVE-2018-1390
30 Mar 2018 — IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. IBM Financial Transaction Manager para Check Services en múltiples plataformas 3.0, 3.0.2 y 3.0.2.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabil... • http://www.ibm.com/support/docview.wss?uid=swg22014795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0253
https://notcve.org/view.php?id=CVE-2016-0253
09 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110562. Vulner... • http://www-01.ibm.com/support/docview.wss?uid=swg21977245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-0268
https://notcve.org/view.php?id=CVE-2016-0268
09 Mar 2018 — XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915. Vulnera... • http://www-01.ibm.com/support/docview.wss?uid=swg21977245 • CWE-611: Improper Restriction of XML External Entity Reference •