CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49349 – IBM Financial Transaction Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2024-49349
31 Jan 2025 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49339 – IBM Financial Transaction Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2024-49339
31 Jan 2025 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49880 – IBM Financial Transaction Manager for SWIFT Services data manipulation
https://notcve.org/view.php?id=CVE-2023-49880
25 Dec 2023 — In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. En la función Message Entry and Repair (MER) de IBM Financial Transaction Manager para SWIFT Services 3.2.4, se supone que la dirección de envío y el tipo de mensaje de los mensajes FIN son inmutables. Sin embargo, un... • https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35892 – IBM Financial Transaction Manager for SWIFT Services XML external entity injection
https://notcve.org/view.php?id=CVE-2023-35892
04 Sep 2023 — IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. IBM Financial Transaction Manager for SWIFT Services v3.2.4 es vulnerable a un ataque de Inyección de Entidad Externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer informaci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43871 – IBM Financial Transaction Manager for SWIFT Services cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43871
29 Apr 2023 — IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4556 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2020-4556
15 Mar 2023 — IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183329 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5026
https://notcve.org/view.php?id=CVE-2020-5026
01 Mar 2023 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193662 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5002 – IBM Financial Transaction Manager security bypass
https://notcve.org/view.php?id=CVE-2020-5002
01 Mar 2023 — IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192954 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5001 – IBM Financial Transaction Manager path traversal
https://notcve.org/view.php?id=CVE-2020-5001
01 Mar 2023 — IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service
https://notcve.org/view.php?id=CVE-2022-43875
20 Dec 2022 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizacio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 • CWE-20: Improper Input Validation •