Vulnerabilities > IBM > Financial Transaction Manager

DATE CVE VULNERABILITY TITLE RISK
2018-02-22 CVE-2018-1392 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information.
network
high complexity
ibm CWE-200
3.1
2018-02-22 CVE-2018-1391 Unspecified vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service.
network
low complexity
ibm
6.5
2018-02-21 CVE-2017-1758 XXE vulnerability in IBM products
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2017-12-11 CVE-2017-1606 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-10-10 CVE-2017-1538 Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL.
network
low complexity
ibm CWE-200
6.5
2017-04-17 CVE-2017-1160 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-04-14 CVE-2017-1152 Session Fixation vulnerability in IBM Financial Transaction Manager 3.0.1.0/3.0.2.0
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
network
low complexity
ibm CWE-384
4.3
2016-10-29 CVE-2016-5920 Cross-site Scripting vulnerability in IBM Financial Transaction Manager
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
2016-10-29 CVE-2016-3060 Improper Access Control vulnerability in IBM Financial Transaction Manager
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
network
low complexity
ibm CWE-284
5.7
2016-02-15 CVE-2016-0232 Information Exposure vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
network
low complexity
ibm CWE-200
4.3