IBM Transformation Extender Advanced vulnerabilities

7 known vulnerabilities affecting ibm/transformation_extender_advanced.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2023-49886 | CRITICAL | CVSS 9.8 | v10.0.1, v10.0.1.10 | 2025-10-06
CVE-2023-49886 [CRITICAL] CWE-502: IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe Java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Sources: cvelistv5, nvd
CVE-2023-49883 | HIGH | CVSS 7.5 | v10.0.1 | 2025-10-01
CVE-2023-49883 [MEDIUM] CWE-521: IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Sources: cvelistv5, nvd
CVE-2023-49881 | HIGH | CVSS 8.8 | v10.0.1 | 2025-10-01
CVE-2023-49881 [MEDIUM] CWE-613: IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Sources: cvelistv5, nvd
CVE-2023-50300 | MEDIUM | CVSS 6.2 | v10.0.1 | 2025-10-01
CVE-2023-50300 [MEDIUM] CWE-284: IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
Sources: cvelistv5, nvd
CVE-2023-50301 | MEDIUM | CVSS 4.4 | v10.0.1 | 2025-10-01
CVE-2023-50301 [LOW] CWE-532: IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
Sources: cvelistv5, nvd
CVE-2021-29883 | MEDIUM | CVSS 4.3 | ≥ 9.0.0.0, < 9.0.2.5; ≥ 10.0.0, < 10.0.15; +2 more | 2021-10-21
CVE-2021-29883 [MEDIUM] CWE-311: IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the
Sources: cvelistv5, nvd
CVE-2017-1758 | HIGH | CVSS 7.1 | v9.0 | 2018-02-21
CVE-2017-1758 [HIGH] CWE-611: IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to ex
Sources: cvelistv5, nvd