Total
                    46 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | 
|---|---|---|---|---|---|
| CVE-2017-1152 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM | 
| IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | |||||
| CVE-2017-1538 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM | 
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | |||||
| CVE-2017-1606 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH | 
| IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | |||||
| CVE-2017-1160 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | 
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. | |||||
| CVE-2014-8917 | 1 Ibm | 4 Financial Transaction Manager, Financial Transaction Manager For Check Services, Financial Transaction Manager For Corporate Payment Services and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A | 
| Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0231 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM | 
| IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs. | |||||
| CVE-2016-0232 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM | 
| IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files. | |||||
| CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 3.5 LOW | 5.7 MEDIUM | 
| Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-5920 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM | 
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0831 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 6.8 MEDIUM | N/A | 
| Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data. | |||||
| CVE-2014-0832 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 3.5 LOW | N/A | 
| Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value. | |||||
| CVE-2014-0830 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 4.0 MEDIUM | N/A | 
| Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | |||||
| CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 5.5 MEDIUM | N/A | 
| The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||||
| CVE-2023-49880 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 7.5 HIGH | 
| In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183. | |||||
| CVE-2023-35892 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 7.1 HIGH | 
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786. | |||||
| CVE-2022-43875 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2024-11-21 | N/A | 6.2 MEDIUM | 
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034. | |||||
| CVE-2022-43872 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM | 
| IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. | |||||
| CVE-2021-39066 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | 
| IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040. | |||||
| CVE-2021-39044 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | 
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210. | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | 
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||
