EUVD-2014-0863

Malware in sbrugna...

CVE-2014-0831

Cross-site request forgery CSRF vulnerability in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...

Design/Logic Flaw

The OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step...

Directory traversal

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value...

CVE-2014-0833

The OAC component in IBM Financial Transaction Manager FTM 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step...

CVE-2014-0832

IBM Financial Transaction Manager 2.0/2.1 OAC contains cross-site scripting vulnerabilities in the configuration-details screens. Root cause: injected JavaScript/HTML via crafted text values; impacts authenticated users viewing those records. CVSS base 3.5. Affected: FTM 2.0 (and 2.1). Remediatio...