IBM Financial Transaction Manager vulnerabilities

57 known vulnerabilities affecting ibm/financial_transaction_manager.

Total CVEs: 57
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 11, MEDIUM 37, LOW 5

Vulnerabilities

Page 3 of 3
CVE-2016-0275 | LOW | CVSS 3.3 | ≥ 3.0.0.0, ≤ 3.0.0.12; v2.1.1.2 | 2018-03-09
CVE-2016-0275 [LOW] CWE-200: IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows
nvd
CVE-2018-1391 | MEDIUM | CVSS 6.5 | v3.0.4.0, v3.1.0.0 +2 more | 2018-02-22
CVE-2018-1391 [MEDIUM]: IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.
cvelistv5, nvd
CVE-2018-1392 | LOW | CVSS 3.1 | v3.0.4.0, v3.1.0.0 +2 more | 2018-02-22
CVE-2018-1392 [LOW] CWE-200: IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.
cvelistv5, nvd
CVE-2017-1758 | HIGH | CVSS 7.1 | v3.0.2.0, v3.0.2.1 +7 more | 2018-02-21
CVE-2017-1758 [HIGH] CWE-611: IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex
cvelistv5, nvd
CVE-2017-1606 | HIGH | CVSS 8.8 | v3.0.0.0, v3.0.0.1 +6 more | 2017-12-11
CVE-2017-1606 [HIGH] CWE-89: IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
cvelistv5, nvd
CVE-2017-1538 | MEDIUM | CVSS 6.5 | v3.0.2.0, v3.0.2.1 | 2017-10-10
CVE-2017-1538 [MEDIUM] CWE-200: IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
nvd
CVE-2017-1160 | MEDIUM | CVSS 5.4 | v3.0.0.0, v3.0.0.1 +14 more | 2017-04-17
CVE-2017-1160 [MEDIUM] CWE-79: IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
nvd
CVE-2017-1152 | MEDIUM | CVSS 4.3 | v3.0.1.0, v3.0.2.0 | 2017-04-14
CVE-2017-1152 [MEDIUM] CWE-384: IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
nvd
CVE-2016-5920 | MEDIUM | CVSS 5.4 | v3.0.0.0, v3.0.0.1 +14 more | 2016-10-29
CVE-2016-5920 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-3060 | MEDIUM | CVSS 5.7 | v3.0.0.0, v3.0.0.1 +14 more | 2016-10-29
CVE-2016-3060 [MEDIUM] CWE-284: Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
nvd
CVE-2016-0231 | MEDIUM | CVSS 4.3 | v3.0.0.0 | 2016-02-15
CVE-2016-0231 [MEDIUM] CWE-200: IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.
nvd
CVE-2016-0232 | MEDIUM | CVSS 4.3 | v3.0.0.0, v3.0.0.1 +10 more | 2016-02-15
CVE-2016-0232 [MEDIUM] CWE-200: IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
nvd
CVE-2014-8917 | MEDIUM | CVSS 4.3 | v2.0.0.0, v2.0.0.1 +8 more | 2015-01-28
CVE-2014-8917 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow rem
nvd
CVE-2014-0833 | MEDIUM | CVSS 5.5 | v2.0.0.0, v2.0.0.1 +1 more | 2014-02-01
CVE-2014-0833 [MEDIUM] CWE-264: The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.
nvd
CVE-2014-0830 | MEDIUM | CVSS 4.0 | v2.0.0.0, v2.0.0.1 +2 more | 2014-02-01
CVE-2014-0830 [MEDIUM] CWE-22: Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.
nvd
CVE-2014-0831 | MEDIUM | CVSS 6.8 | v2.0.0.0, v2.0.0.1 +1 more | 2014-02-01
CVE-2014-0831 [MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.
nvd
CVE-2014-0832 | LOW | CVSS 3.5 | v2.0.0.0, v2.0.0.1 +1 more | 2014-02-01
CVE-2014-0832 [LOW] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.
nvd