10 matches found
CVE-2022-43872 IBM Financial Transaction Manager information disclosure
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests, which allows getting unauthorized technical information, e.g. event log entries about the FTM SWIFT system. IBM X-Force ID: 239708...
Design/Logic Flaw
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request...
Security Bulletin: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services (CVE-2018-1390)
Summary: There are potential Cross Site Scripting (XSS) vulnerabilities in the Duplicate Detect component in Financial Transaction Manager (FTM) for Check Services. Vulnerability Details: CVEID: CVE-2018-1390. DESCRIPTION: IBM Financial Transaction Manager for Check Services for Multi-Platform is...
Information disclosure
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for...
SQL injection
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...
Code injection
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...
Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
Description: Apache Struts is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Apache Struts 1.0 through...
CVE-2016-0232
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files...
Code injection
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs...
CVE-2014-0832
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value...