CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4555
https://notcve.org/view.php?id=CVE-2020-4555
21 Dec 2020 — IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. IBM Financial Transaction Manager versiones 3.0.6 y 3.1.0, no comprueba una sesión después del cierre de sesión, lo que podría permitir a un usuario autenticado suplantar a otro usuario en el sistema. IBM X-Force ID: 183328 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183328 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1871
https://notcve.org/view.php?id=CVE-2018-1871
06 Dec 2018 — IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329. IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2 y 3.0.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilida... • http://www.ibm.com/support/docview.wss?uid=ibm10743123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1390
https://notcve.org/view.php?id=CVE-2018-1390
30 Mar 2018 — IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. IBM Financial Transaction Manager para Check Services en múltiples plataformas 3.0, 3.0.2 y 3.0.2.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabil... • http://www.ibm.com/support/docview.wss?uid=swg22014795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1152
https://notcve.org/view.php?id=CVE-2017-1152
14 Apr 2017 — IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. IBM Financial Transaction Manager 3.0.1 y 3.0.2 no actualiza correctamente el SESSIONID con cada solicitud, lo que podría permitir a un usuario obtener el ID en nuevos ataques contra el sistema. IBM X-Force ID: 122293. • http://www.ibm.com/support/docview.wss?uid=swg22001551 • CWE-384: Session Fixation •
CVSS: 5.7EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3060
https://notcve.org/view.php?id=CVE-2016-3060
29 Oct 2016 — Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Payments Director en IBM Financial Transaction Manager (FTM) para ACH Services, Check Services y Corporate Payment Services (CPS) 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remot... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2016-5920
https://notcve.org/view.php?id=CVE-2016-5920
29 Oct 2016 — Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web UI en IBM Financial Transaction Manager (FTM) para ACH Services 3.0.0.x en versiones anteriores a fp0015 y 3.0.1.0 en versiones anteriores a iFix0002 permite a usuarios remotos autenticados inyectar secuencias de coma... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •