Vulnerabilities > IBM > Financial Transaction Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-20 | CVE-2022-43872 | Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. | 5.3 |
| 2022-12-20 | CVE-2022-43875 | Improper Input Validation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. | 5.5 |
| 2021-09-14 | CVE-2021-29841 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 5.4 |
| 2021-06-15 | CVE-2020-5000 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.0.2/3.2.4 IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. | 5.4 |
| 2020-12-21 | CVE-2020-4555 | Session Fixation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.4 |
| 2020-08-03 | CVE-2020-4560 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4.0 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 6.1 |
| 2019-01-23 | CVE-2018-2026 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.2.1.0 IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. | 4.3 |
| 2018-12-06 | CVE-2018-1871 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2018-10-04 | CVE-2018-1670 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1 IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. | 4.3 |
| 2018-06-13 | CVE-2018-1393 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.6.0 IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. | 4.3 |