Vulnerabilities > IBM > Financial Transaction Manager > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-49880 Unspecified vulnerability in IBM Financial Transaction Manager 3.2.4
In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable.
network
low complexity
ibm
7.5
2023-03-10 CVE-2020-5002 Improper Input Validation vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation.
network
low complexity
ibm CWE-20
8.8
2023-03-01 CVE-2020-5001 Path Traversal vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2023-03-01 CVE-2020-5026 Unspecified vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm
7.5
2022-02-02 CVE-2021-39044 Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-02-02 CVE-2021-39066 Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
network
low complexity
ibm CWE-384
8.8
2019-05-10 CVE-2018-1790 Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2018-10-04 CVE-2018-1819 SQL Injection vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2018-03-09 CVE-2016-0272 Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager
Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors.
network
low complexity
ibm CWE-352
8.0
2018-02-21 CVE-2017-1758 XXE vulnerability in IBM products
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1