Vulnerabilities > IBM > Financial Transaction Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 6.5 |
| 2021-09-14 | CVE-2021-29841 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-15 | CVE-2020-5000 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.0.2/3.2.4 IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-11 | CVE-2020-5003 | XXE vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
| 2020-12-21 | CVE-2020-4555 | Session Fixation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.5 |
| 2020-08-03 | CVE-2020-4560 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4.0 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 4.3 |
| 2019-05-10 | CVE-2018-1790 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.8 |
| 2019-03-05 | CVE-2019-4032 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. | 9.8 |
| 2019-01-23 | CVE-2018-2026 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.2.1.0 IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. | 4.0 |
| 2018-12-06 | CVE-2018-1871 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. | 3.5 |