Jan 16, 2020 - 1:35 p.m.

Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services

www.ibm.com

EPSS: 0.005 (Low)

Percentile: 77.0%

Summary

Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services could allow a remote attacker to gain access to unauthorized actions and data.

Vulnerability Details

CVEID: CVE-2018-15494
**DESCRIPTION:** In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4742
**DESCRIPTION:** IBM Financial Transaction Manager could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172877 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4744
**DESCRIPTION:** IBM Financial Transaction Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172882 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4743
**DESCRIPTION:** IBM Financial Transaction Manager does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172880 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4736
**DESCRIPTION:** IBM Financial Transaction Manager is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172706 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
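
A header-level check for two of the issues above, CVE-2019-4743 (session cookie without the secure attribute) and CVE-2019-4742 (click hijacking through framing), as an added example that is not part of the IBM bulletin. The cookie name and all header values are constructed samples, and treating X-Frame-Options or CSP frame-ancestors as the framing defence is an assumption, since the bulletin does not say how the fix pack addresses it.

```python
# Added example: audit captured HTTP response headers for a cookie without
# the Secure attribute and for a missing framing restriction.
# All header values below are constructed samples, not product output.

def has_secure(set_cookie_value):
    """True if one Set-Cookie value carries the Secure attribute."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    # Attribute names are case-insensitive. Skip the leading name=value pair
    # so a cookie whose *value* is "secure" is not mistaken for the attribute.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return "secure" in attrs

def framing_restricted(headers):
    """True if X-Frame-Options or CSP frame-ancestors limits who may frame the page."""
    for name, value in headers:
        key = name.lower()
        # ALLOW-FROM is obsolete and ignored by current browsers, so only
        # DENY and SAMEORIGIN count as protective.
        if key == "x-frame-options" and value.strip().upper() in ("DENY", "SAMEORIGIN"):
            return True
        if key == "content-security-policy":
            for directive in value.split(";"):
                tokens = directive.split()
                # A wildcard source list still lets any site frame the page.
                if tokens and tokens[0].lower() == "frame-ancestors" and "*" not in tokens[1:]:
                    return True
    return False

def audit(headers):
    """Return a list of findings for one response's (name, value) header pairs."""
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie" and not has_secure(value):
            cookie = value.split("=", 1)[0].strip()
            findings.append(f"cookie {cookie}: missing Secure attribute")
    if not framing_restricted(headers):
        findings.append("no framing restriction")
    return findings

# Constructed sample responses (SESSIONID is a hypothetical cookie name).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=secure; Path=/; HttpOnly")]
HARDENED = [("Content-Type", "text/html"),
            ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; secure"),
            ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample))
```
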

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms | 3.0.0 |

Remediation/Fixes

Install Fix Pack 13 of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.0.

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm financial transaction manager | eq | 3.0 |