Vulnerabilities > IBM > Financial Transaction Manager > 3.0.2.0

DATE CVE VULNERABILITY TITLE RISK
2019-05-10 CVE-2018-1790 Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
6.8
2018-12-06 CVE-2018-1871 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-10-04 CVE-2018-1819 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
6.5
2018-10-04 CVE-2018-1670 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files.
network
low complexity
ibm CWE-200
4.0
4.0
2018-03-30 CVE-2018-1390 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-02-21 CVE-2017-1758 XXE vulnerability in IBM products
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
5.5
2017-10-10 CVE-2017-1538 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL.
network
low complexity
ibm CWE-200
4.0
4.0
2017-04-14 CVE-2017-1152 Session Fixation vulnerability in IBM Financial Transaction Manager 3.0.1.0/3.0.2.0
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
network
low complexity
ibm CWE-384
4.0
4.0