IBM Financial Transaction Manager vulnerabilities

57 known vulnerabilities affecting ibm/financial_transaction_manager.

Total CVEs: 57
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 11, MEDIUM 37, LOW 5

Vulnerabilities

Page 2 of 3
CVE-2020-4328 | MEDIUM | CVSS 6.3 | v3.2.4 | 2020-08-03
CVE-2020-4328 [MEDIUM] CWE-89: IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.
cvelistv5, nvd
CVE-2020-4560 | MEDIUM | CVSS 6.1 | v3.2.4.0, v3.2.4 | 2020-08-03
CVE-2020-4560 [MEDIUM] CWE-79: IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2019-4742 | MEDIUM | CVSS 6.1 | v3.0 | 2019-12-20
CVE-2019-4742 [MEDIUM] CWE-1021: IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877.
cvelistv5, nvd
CVE-2019-4743 | MEDIUM | CVSS 4.3 | v3.0 | 2019-12-20
CVE-2019-4743 [MEDIUM] CWE-319: IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by sno
cvelistv5, nvd
CVE-2019-4736 | MEDIUM | CVSS 4.3 | v3.0 | 2019-12-20
CVE-2019-4736 [MEDIUM] CWE-352: IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.
cvelistv5, nvd
CVE-2019-4744 | MEDIUM | CVSS 6.1 | v3.0 | 2019-12-20
CVE-2019-4744 [MEDIUM] CWE-79: IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882.
cvelistv5, nvd
CVE-2018-1847 | MEDIUM | CVSS 6.5 | v2.1, v2.0, +28 more | 2019-09-18
CVE-2018-1847 [MEDIUM] CWE-22: IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary fil
cvelistv5, nvd
CVE-2018-1790 | HIGH | CVSS 8.8 | ≥ 3.0.2.0, ≤ 3.0.2.1; v3.0.2 | 2019-05-10
CVE-2018-1790 [MEDIUM] CWE-352: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.
cvelistv5, nvd
CVE-2019-4032 | CRITICAL | CVSS 9.8 | ≥ 3.1.0.0, ≤ 3.1.0.3; v3.1.0 | 2019-03-05
CVE-2019-4032 [CRITICAL] CWE-89: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155998.
cvelistv5, nvd
CVE-2018-2026 | MEDIUM | CVSS 4.3 | v3.2.1.0, v3.2.1 | 2019-01-23
CVE-2018-2026 [MEDIUM] CWE-200: IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.
cvelistv5, nvd
CVE-2018-1871 | MEDIUM | CVSS 5.4 | v3.0.0.0, v3.0.2.0, +5 more | 2018-12-06
CVE-2018-1871 [MEDIUM] CWE-79: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151329.
cvelistv5, nvd
CVE-2018-1819 | HIGH | CVSS 8.8 | v3.0.2.0, v3.0.2.1, +11 more | 2018-10-04
CVE-2018-1819 [MEDIUM] CWE-89: IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 150023.
cvelistv5, nvd
CVE-2018-1670 | MEDIUM | CVSS 4.3 | v3.0.2.0, v3.0.2.1, +1 more | 2018-10-04
CVE-2018-1670 [LOW] CWE-200: IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946.
cvelistv5, nvd
CVE-2018-1393 | MEDIUM | CVSS 4.3 | v3.0.6.0, v3.0.6 | 2018-06-13
CVE-2018-1393 [LOW] CWE-200: IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.
cvelistv5, nvd
CVE-2018-1390 | MEDIUM | CVSS 5.4 | v3.0.0.0, v3.0.2.0, +4 more | 2018-03-30
CVE-2018-1390 [MEDIUM] CWE-79: IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221.
cvelistv5, nvd
CVE-2016-0272 | HIGH | CVSS 8.0 | ≥ 3.0.0.0, ≤ 3.0.0.12; v2.1.1.2 | 2018-03-09
CVE-2016-0272 [HIGH] CWE-352: Cross-site request forgery (CSRF) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Mul
nvd
CVE-2016-0276 | MEDIUM | CVSS 6.3 | ≥ 3.0.0.0, ≤ 3.0.0.12 | 2018-03-09
CVE-2016-0276 [MEDIUM] CWE-20: IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allo
nvd
CVE-2016-0268 | MEDIUM | CVSS 4.3 | ≥ 3.0.0.0, ≤ 3.0.0.12; v2.1.1.2 | 2018-03-09
CVE-2016-0268 [MEDIUM] CWE-611: XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Plat
nvd
CVE-2016-0253 | MEDIUM | CVSS 5.4 | ≥ 3.0.0.0, ≤ 3.0.0.12; v2.1.1.2 | 2018-03-09
CVE-2016-0253 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Pla
nvd
CVE-2016-0274 | MEDIUM | CVSS 5.4 | ≥ 3.0.0.0, ≤ 3.0.0.12; v2.1.1.2 | 2018-03-09
CVE-2016-0274 [MEDIUM] CWE-254: IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 all
nvd