Skip to main content

Financial Transaction Manager

28 CVEs product

Monthly

CVE-2023-49880 HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35892 CRITICAL Act Now

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Financial Transaction Manager
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-43875 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43872 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-29841 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4555 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Session Fixation Information Disclosure Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4560 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4032 CRITICAL PATCH Act Now

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2018-1871 MEDIUM PATCH This Month

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1819 HIGH PATCH This Week

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1670 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-1393 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-1390 MEDIUM PATCH This Month

IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1392 LOW PATCH Monitor

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
3.1
EPSS
0.6%
CVE-2018-1391 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2017-1606 HIGH This Week

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1538 MEDIUM This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-1160 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1152 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5920 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3060 MEDIUM PATCH This Month

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Financial Transaction Manager
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2016-0232 MEDIUM This Month

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-0231 MEDIUM This Month

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2014-8917 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Social Media Analytics Financial Transaction Manager Financial Transaction Manager For Check Services +1
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0833 MEDIUM This Month

The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Financial Transaction Manager
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-0832 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0831 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Financial Transaction Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0830 MEDIUM This Month

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Financial Transaction Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 1% CVSS 7.5
HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Session Fixation Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Financial Transaction Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Financial Transaction Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Financial Transaction Manager
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Financial Transaction Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Financial Transaction Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Social Media Analytics +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Financial Transaction Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Financial Transaction Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy