Vulnerabilities > IBM > Financial Transaction Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-49880 | Unspecified vulnerability in IBM Financial Transaction Manager 3.2.4 In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. | 7.5 |
| 2023-09-05 | CVE-2023-35892 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-03-15 | CVE-2020-4556 | Unspecified vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2023-03-10 | CVE-2020-5002 | Improper Input Validation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. | 8.8 |
| 2023-03-01 | CVE-2020-5001 | Path Traversal vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2023-03-01 | CVE-2020-5026 | Information Exposure Through an Error Message vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2022-12-20 | CVE-2022-43872 | Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. | 5.3 |
| 2022-12-20 | CVE-2022-43875 | Improper Input Validation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. | 5.5 |
| 2022-06-15 | CVE-2019-4575 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. | 7.5 |
| 2022-02-02 | CVE-2021-39044 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |