Vulnerabilities > IBM > Financial Transaction Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-23 | CVE-2018-2026 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.2.1.0 IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. | 4.0 |
| 2018-10-04 | CVE-2018-1819 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. | 6.5 |
| 2018-10-04 | CVE-2018-1670 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.2.0/3.0.2.1 IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. | 4.0 |
| 2018-06-13 | CVE-2018-1393 | Information Exposure vulnerability in IBM Financial Transaction Manager 3.0.6.0 IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. | 4.0 |
| 2018-03-09 | CVE-2016-0276 | Improper Input Validation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | 6.5 |
| 2018-03-09 | CVE-2016-0272 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors. | 6.0 |
| 2018-03-09 | CVE-2016-0268 | XXE vulnerability in IBM Financial Transaction Manager XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. | 4.0 |
| 2018-02-22 | CVE-2018-1391 | Unspecified vulnerability in IBM Financial Transaction Manager 3.0.4.0/3.1.0.0 IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. | 4.0 |
| 2018-02-21 | CVE-2017-1758 | XXE vulnerability in IBM products IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2017-12-11 | CVE-2017-1606 | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. | 6.5 |