4188 matches found
CVE-2014-0830
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname...
CVE-2014-0833
The OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step...
CVE-2014-0831
Cross-site request forgery CSRF vulnerability in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
Design/Logic Flaw
The OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step...
Directory traversal
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value...
CVE-2014-0830
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname...
CVE-2014-0831
Cross-site request forgery CSRF vulnerability in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
CVE-2014-0833
The OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step...
CVE-2014-0833
IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 is affected by CVE-2014-0833 where the OAC component does not properly enforce operator-intervention requirements, allowing an authenticated remote user to bypass intended access restrictions via an unspecified process step. The affected ...
CVE-2014-0832
Multiple cross-site scripting XSS vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value...
CVE-2014-0832
IBM Financial Transaction Manager 2.0/2.1 OAC contains cross-site scripting vulnerabilities in the configuration-details screens. Root cause: injected JavaScript/HTML via crafted text values; impacts authenticated users viewing those records. CVSS base 3.5. Affected: FTM 2.0 (and 2.1). Remediatio...
CVE-2014-0831
CVE-2014-0831: IBM Financial Transaction Manager (FTM) 2.0 OAC is vulnerable to Cross-Site Request Forgery. An authenticated attacker could trigger edits to configuration data. Affected product: FTM 2.0 (OAC). Root cause: CSRF in the OAC component. Impact: potential unauthorized configuration cha...
Threat Outbreak Alert: Fake Transaction Details Notification Email Messages on January 21, 2014
Medium Alert ID: 32515 First Published: 2014 January 22 16:58 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain transaction details for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Transaction Notification Email Messages on January 13, 2014
Medium Alert ID: 32414 First Published: 2014 January 14 15:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain transaction details for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Transaction Processing Failure Notification Email Messages on January 9, 2014
Medium Alert ID: 32393 First Published: 2014 January 9 21:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a failed transaction notice for the recipient. The text in the email message attempts to convince the recipient...
Threat Outbreak Alert: Fake Bank Transaction Document Email Messages on December 4, 2013
Medium Alert ID: 32015 First Published: 2013 December 4 22:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank transaction notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Financial Transaction Notification Email Messages on November 25, 2013
Medium Alert ID: 31883 First Published: 2013 November 25 14:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain financial transaction details for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Financial Transaction Email Messages on November 24, 2013
Medium Alert ID: 31888 First Published: 2013 November 25 14:27 GMT Version: 1 Summary Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain an invoice notification for the recipient. The text in the email message attempts to...