6 results (0.002 seconds)

CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. IBM Financial Transaction Manager versiones 3.0.6 y 3.1.0, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 183328 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183328 https://www.ibm.com/support/pages/node/6388702 https://www.ibm.com/support/pages/node/6388704 https://www.ibm.com/support/pages/node/6388706 https://www.ibm.com/support/pages/node/6388708 https://www.ibm.com/support/pages/node/6388722 https://www.ibm.com/support/pages/node/6388744 • CWE-384: Session Fixation •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2 y 3.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10743123 http://www.securityfocus.com/bid/106149 https://exchange.xforce.ibmcloud.com/vulnerabilities/151329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. IBM Financial Transaction Manager para Check Services en múltiples plataformas 3.0, 3.0.2 y 3.0.2.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22014795 http://www.securityfocus.com/bid/103682 https://exchange.xforce.ibmcloud.com/vulnerabilities/138221 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 48EXPL: 0

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. IBM Financial Transaction Manager para ACH Services para Multi-Platform 3.0.0.x es vulnerable a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001574 http://www.securityfocus.com/bid/97666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web UI en IBM Financial Transaction Manager (FTM) para ACH Services 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537 http://www-01.ibm.com/support/docview.wss?uid=swg21989060 http://www.securityfocus.com/bid/92634 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •