Vulnerabilities > IBM > Financial Transaction Manager > 3.0.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2017-1152 Session Fixation vulnerability in IBM Financial Transaction Manager 3.0.1.0/3.0.2.0
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
network
low complexity
ibm CWE-384
4.3
4.3
2016-10-29 CVE-2016-5920 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2016-10-29 CVE-2016-3060 Improper Access Control vulnerability in IBM Financial Transaction Manager
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network
low complexity
ibm CWE-284
5.7
5.7