Financial Transaction Manager Security Vulnerabilities and Issues — Financial Transaction Manager CVE List

Lucene search

IbmFinancial Transaction Manager

8 matches found

CVE•added 2019/12/20 5:15 p.m.•64 views

CVE-2019-4736

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172706.

4.3CVSS5.5AI score0.00129EPSS

CVE•added 2019/12/20 5:15 p.m.•63 views

CVE-2019-4742

IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against ...

6.1CVSS6.6AI score0.00217EPSS

CVE•added 2019/12/20 5:15 p.m.•55 views

CVE-2019-4743

IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...

4.3CVSS5AI score0.00133EPSS

CVE•added 2019/12/20 5:15 p.m.•55 views

CVE-2019-4744

IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882.

6.1CVSS5.9AI score0.00288EPSS

CVE•added 2019/01/23 4:0 p.m.•34 views

CVE-2018-2026

IBM Financial Transaction Manager 3.2.1 for Digital Payments could allow an authenticated user to obtain a directory listing of internal product files. IBM X-Force ID: 155552.

4.3CVSS4.2AI score0.00183EPSS

CVE•added 2019/03/05 6:29 p.m.•34 views

CVE-2019-4032

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.

9.8CVSS9.6AI score0.00358EPSS

CVE•added 2019/05/10 3:29 p.m.•33 views

CVE-2018-1790

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944.

8.8CVSS8.4AI score0.00094EPSS

CVE•added 2019/09/18 3:15 p.m.•33 views

CVE-2018-1847

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request cont...

6.5CVSS6.3AI score0.00311EPSS