CVE-2020-4555
https://notcve.org/view.php?id=CVE-2020-4555
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. IBM Financial Transaction Manager versiones 3.0.6 y 3.1.0, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 183328 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183328 https://www.ibm.com/support/pages/node/6388702 https://www.ibm.com/support/pages/node/6388704 https://www.ibm.com/support/pages/node/6388706 https://www.ibm.com/support/pages/node/6388708 https://www.ibm.com/support/pages/node/6388722 https://www.ibm.com/support/pages/node/6388744 • CWE-384: Session Fixation •
CVE-2020-4908
https://notcve.org/view.php?id=CVE-2020-4908
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, devuelve la versión del producto y la información de release en el diálogo de inicio de sesión. Esta información podría ser usada en futuros ataques contra el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/191113 https://www.ibm.com/support/pages/node/6371260 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-4907
https://notcve.org/view.php?id=CVE-2020-4907
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en futuros ataques contra el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/191112 https://www.ibm.com/support/pages/node/6371260 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2020-4906
https://notcve.org/view.php?id=CVE-2020-4906
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, permite que las páginas web sean almacenadas localmente y que puedan ser leídas por otro usuario en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/191110 https://www.ibm.com/support/pages/node/6371260 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2020-4905
https://notcve.org/view.php?id=CVE-2020-4905
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information. IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versión 3.2.4, podría permitir a un atacante remoto obtener información confidencial, causada por un ataque de tipo man in the middle. Mediante bandas SSL, un atacante podría explotar esta vulnerabilidad para obtener información confidencial • https://exchange.xforce.ibmcloud.com/vulnerabilities/191109 https://www.ibm.com/support/pages/node/6371260 •