CVE-2023-49880 – IBM Financial Transaction Manager for SWIFT Services data manipulation
https://notcve.org/view.php?id=CVE-2023-49880
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4, the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 https://www.ibm.com/support/pages/node/7101167 •
CVE-2023-35892 – IBM Financial Transaction Manager for SWIFT Services XML external entity injection
https://notcve.org/view.php?id=CVE-2023-35892
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 https://www.ibm.com/support/pages/node/7030359 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-43871 – IBM Financial Transaction Manager for SWIFT Services cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43871
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239707 https://www.ibm.com/support/pages/node/6857799 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4556 – IBM Financial Transaction Manager information disclosure
https://notcve.org/view.php?id=CVE-2020-4556
IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183329 https://www.ibm.com/support/pages/node/6962117 •
CVE-2020-5026
https://notcve.org/view.php?id=CVE-2020-5026
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193662 https://www.ibm.com/support/pages/node/6958504 • CWE-209: Generation of Error Message Containing Sensitive Information •