CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2022-43875
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizaciones. ID de IBM X-Force: 240034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 https://www.ibm.com/support/pages/node/6848881 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43872 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2022-43872
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de IBM X-Force: 239708. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 https://www.ibm.com/support/pages/node/6848881 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29841
https://notcve.org/view.php?id=CVE-2021-29841
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. IBM Financial Transaction Manager versión 3.2.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205045 https://www.ibm.com/support/pages/node/6488407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1384
https://notcve.org/view.php?id=CVE-2011-1384
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. El programa (1) bin/invscoutClient_VPD_Survey y (2) sbin/invscout_lsvpd en invscout.rte antes de v2.2.0.19 en IBM AIX v7.1, v6.1, v5.3, y anteriores, permite a usuarios locales borrar archivos de su elección o lanzar las operaciones de exploración de inventario en archivos de su elección, a través de un ataque de enlace simbólico en un archivo no especificado. • http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc http://secunia.com/advisories/47222 http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643 http://www.securityfocus.com/bid/51059 http://www.securityfocus.com/bid/51083 https://exchange.xforce.ibmcloud.com/vulnerabilities/71615 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 7CVE-2010-3187 – AIX5l with FTP-Server - Hash Disclosure
https://notcve.org/view.php?id=CVE-2010-3187
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command. Desbordamiento de buffer en ftpd de IBM AIX v5.3 y versiones anteriores. Permite a atacantes remotos ejecutar código de su elección a través de un comando NLST extenso. • https://www.exploit-db.com/exploits/14409 https://www.exploit-db.com/exploits/14456 http://aix.software.ibm.com/aix/efixes/security/ftpd_advisory.asc http://seclists.org/fulldisclosure/2010/Jul/281 http://seclists.org/fulldisclosure/2010/Jul/317 http://seclists.org/fulldisclosure/2010/Jul/324 http://seclists.org/fulldisclosure/2010/Jul/337 http://securitytracker.com/id?1024368 http://www.exploit-db.com/exploits/14409 http://www.exploit-db.com/exploits/14456 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •