CVE-2020-4555
https://notcve.org/view.php?id=CVE-2020-4555
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/183328
• https://www.ibm.com/support/pages/node/6388702
• https://www.ibm.com/support/pages/node/6388704
• https://www.ibm.com/support/pages/node/6388706
• https://www.ibm.com/support/pages/node/6388708
• https://www.ibm.com/support/pages/node/6388722
• https://www.ibm.com/support/pages/node/6388744
• CWE-384: Session Fixation
CVE-2018-1871
https://notcve.org/view.php?id=CVE-2018-1871
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329.
• http://www.ibm.com/support/docview.wss?uid=ibm10743123
• http://www.securityfocus.com/bid/106149
• https://exchange.xforce.ibmcloud.com/vulnerabilities/151329
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1390
https://notcve.org/view.php?id=CVE-2018-1390
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221.
• http://www.ibm.com/support/docview.wss?uid=swg22014795
• http://www.securityfocus.com/bid/103682
• https://exchange.xforce.ibmcloud.com/vulnerabilities/138221
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1152
https://notcve.org/view.php?id=CVE-2017-1152
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
• http://www.ibm.com/support/docview.wss?uid=swg22001551
• http://www.securityfocus.com/bid/99237
• CWE-384: Session Fixation
CVE-2016-5920
https://notcve.org/view.php?id=CVE-2016-5920
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537
• http://www-01.ibm.com/support/docview.wss?uid=swg21989060
• http://www.securityfocus.com/bid/92634
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')