NotCVE - vendor:"Ibm" product:"Financial Transaction Manager" version:" >= 3.2.0

18 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-49880 – IBM Financial Transaction Manager for SWIFT Services data manipulation

https://notcve.org/view.php?id=CVE-2023-49880

25 Dec 2023 — In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. En la función Message Entry and Repair (MER) de IBM Financial Transaction Manager para SWIFT Services 3.2.4, se supone que la dirección de envío y el tipo de mensaje de los mensajes FIN son inmutables. Sin embargo, un... • https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-35892 – IBM Financial Transaction Manager for SWIFT Services XML external entity injection

https://notcve.org/view.php?id=CVE-2023-35892

04 Sep 2023 — IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. IBM Financial Transaction Manager for SWIFT Services v3.2.4 es vulnerable a un ataque de Inyección de Entidad Externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer informaci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4556 – IBM Financial Transaction Manager information disclosure

https://notcve.org/view.php?id=CVE-2020-4556

15 Mar 2023 — IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183329 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-5026

https://notcve.org/view.php?id=CVE-2020-5026

01 Mar 2023 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193662 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-5002 – IBM Financial Transaction Manager security bypass

https://notcve.org/view.php?id=CVE-2020-5002

01 Mar 2023 — IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192954 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-5001 – IBM Financial Transaction Manager path traversal

https://notcve.org/view.php?id=CVE-2020-5001

01 Mar 2023 — IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-43875 – IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service

https://notcve.org/view.php?id=CVE-2022-43875

20 Dec 2022 — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. IBM Financial Transaction Manager para SWIFT Services for Multiplatforms 3.2.4 podría permitir que un usuario autenticado bloquee autorizaciones RM adicionales, lo que resultaría en una Denegación de Servicio (DoS) al mostrar o administrar estas autorizacio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-43872 – IBM Financial Transaction Manager information disclosure

https://notcve.org/view.php?id=CVE-2022-43872

20 Dec 2022 — IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-4575

https://notcve.org/view.php?id=CVE-2019-4575

15 Jun 2022 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. IBM Financial Transaction Manager for Digital Payments for Multi-Platform versiones 3.2.0 hasta 3.2.9, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente... • https://exchange.xforce.ibmcloud.com/vulnerabilities/166801 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-39066

https://notcve.org/view.php?id=CVE-2021-39066

02 Feb 2022 — IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. IBM Financial Transaction Manager versión 3.2.4, no invalida la sesión de cualquier identificador de sesión existente da a un atacante la oportunidad de robar sesiones autenticadas. IBM X-Force ID: 215040 • https://exchange.xforce.ibmcloud.com/vulnerabilities/215040 • CWE-384: Session Fixation •

1 2