cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49349,https://securityvulnerability.io/vulnerability/CVE-2024-49349,Stored Cross-Site Scripting in IBM Financial Transaction Manager for SWIFT Services,"The IBM Financial Transaction Manager for SWIFT Services versions 3.2.4.0 through 3.2.4.1 is susceptible to a stored cross-site scripting vulnerability. This issue permits authenticated users to inject arbitrary JavaScript code into the Web UI. Such exploitation can compromise the intended functionality of the application, leading to potential exposure of sensitive credentials during a trusted session. This vulnerability highlights the importance of implementing proper input validation and security measures to protect against such attacks.",IBM,Financial Transaction Manager For Swift Services For Multiplatforms,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-31T16:14:22.830Z,0
CVE-2024-49339,https://securityvulnerability.io/vulnerability/CVE-2024-49339,Stored Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager for SWIFT Services,"IBM Financial Transaction Manager for SWIFT Services versions 3.2.4.0 to 3.2.4.1 contain a vulnerability that enables authenticated users to inject arbitrary JavaScript code into the web interface. This can lead to unintended alterations in the application's functionality, potentially compromising sensitive user credentials during trusted sessions. It is crucial for users and administrators to patch their systems to mitigate risks associated with this vulnerability and protect against possible exploitation.",IBM,Financial Transaction Manager For Swift Services For Multiplatforms,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T16:13:39.941Z,0
CVE-2023-49880,https://securityvulnerability.io/vulnerability/CVE-2023-49880,IBM Financial Transaction Manager for SWIFT Services data manipulation,The Message Entry and Repair (MER) facility within IBM Financial Transaction Manager for SWIFT Services version 3.2.4 has a vulnerability that allows an attacker to alter the sending address and message type of FIN messages. This ability to modify critical elements of business transactions poses a significant risk to the integrity of financial operations and data security. Proper safeguards should be implemented to prevent unauthorized modifications to transaction details.,IBM,Financial Transaction Manager for SWIFT Services,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-12-25T03:15:00.000Z,0
CVE-2023-35892,https://securityvulnerability.io/vulnerability/CVE-2023-35892,IBM Financial Transaction Manager for SWIFT Services XML external entity injection,"IBM Financial Transaction Manager for SWIFT Services version 3.2.4 is susceptible to an XML External Entity Injection (XXE) vulnerability. This issue arises when the application processes XML data, allowing a remote attacker to exploit the vulnerability to potentially expose sensitive information or exhaust system memory resources, compromising the integrity and confidentiality of the related transactions.",IBM,Financial Transaction Manager For Swift Services,7.1,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-09-05T00:15:00.000Z,0
CVE-2022-43871,https://securityvulnerability.io/vulnerability/CVE-2022-43871,IBM Financial Transaction Manager for SWIFT Services cross-site scripting,IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.,IBM,Financial Transaction Manager For Swift Services,4.6,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-04-29T02:42:10.334Z,0
CVE-2020-4556,https://securityvulnerability.io/vulnerability/CVE-2020-4556,IBM Financial Transaction Manager information disclosure,IBM Financial Transaction Manager for High Value Payments for Multi-Platform 3.2.0 through 3.2.10 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 183329.,IBM,Financial Transaction Manager,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-15T18:56:17.737Z,0
CVE-2020-5002,https://securityvulnerability.io/vulnerability/CVE-2020-5002,IBM Financial Transaction Manager security bypass,IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954.,IBM,Financial Transaction Manager,4.3,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2023-03-10T21:15:00.000Z,0
CVE-2020-5026,https://securityvulnerability.io/vulnerability/CVE-2020-5026,Information Disclosure in IBM Financial Transaction Manager for Digital Payments,"The IBM Financial Transaction Manager for Digital Payments presents a vulnerability where a remote attacker may gain access to sensitive information. This can occur when detailed technical error messages are displayed in a web browser, potentially allowing attackers to leverage this information for further system exploitation. Proper handling of error messages is essential to prevent the inadvertent exposure of critical data.",IBM,Financial Transaction Manager,4.3,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2023-03-01T21:28:02.073Z,0
CVE-2020-5001,https://securityvulnerability.io/vulnerability/CVE-2020-5001,IBM Financial Transaction Manager path traversal,"IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing ""dot dot"" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.",IBM,Financial Transaction Manager,4.3,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2023-03-01T21:10:10.518Z,0
CVE-2022-43875,https://securityvulnerability.io/vulnerability/CVE-2022-43875,IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service,"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.",IBM,Financial Transaction Manager For Swift Services For Multiplatforms,6.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-12-20T18:45:03.076Z,0
CVE-2022-43872,https://securityvulnerability.io/vulnerability/CVE-2022-43872,IBM Financial Transaction Manager information disclosure,"IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.",IBM,Financial Transaction Manager,5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-12-20T18:35:34.432Z,0
CVE-2019-4575,https://securityvulnerability.io/vulnerability/CVE-2019-4575,SQL Injection Vulnerability in IBM Financial Transaction Manager for Digital Payments,"IBM Financial Transaction Manager for Digital Payments versions 3.2.0 through 3.2.9 are susceptible to SQL injection attacks. By exploiting this vulnerability, a remote attacker can execute specially-crafted SQL queries, potentially leading to unauthorized access to the backend database. This may allow the attacker to view, modify, or delete critical information, posing significant risks to data integrity and security.",IBM,Financial Transaction Manager,5.3,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2022-06-15T16:15:00.000Z,0
CVE-2021-39066,https://securityvulnerability.io/vulnerability/CVE-2021-39066,Session Fixation Vulnerability in IBM Financial Transaction Manager,"IBM Financial Transaction Manager version 3.2.4 is susceptible to a session fixation vulnerability. This flaw allows an attacker to exploit existing session identifiers, potentially enabling them to hijack an authenticated user's session. The attacker can manipulate session management, resulting in the unauthorized access of sensitive transactions. Proper session invalidation mechanisms must be implemented to mitigate the risk of session theft.",IBM,Financial Transaction Manager,6.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-02-02T12:15:00.000Z,0
CVE-2021-39044,https://securityvulnerability.io/vulnerability/CVE-2021-39044,Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager,"IBM Financial Transaction Manager version 3.2.4 is susceptible to a cross-site request forgery vulnerability. This weakness could enable an attacker to perform unauthorized actions on behalf of a trusted user. By exploiting this flaw, attackers may send malicious requests that appear legitimate, compromising the integrity of user interactions with the application. This vulnerability emphasizes the need for robust CSRF protection mechanisms within web applications.",IBM,Financial Transaction Manager,4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-02-02T12:15:00.000Z,0
CVE-2021-29841,https://securityvulnerability.io/vulnerability/CVE-2021-29841,Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager,"IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting, allowing attackers to inject arbitrary JavaScript code into the Web UI. This flaw can compromise user sessions and potentially lead to unauthorized access to sensitive information, including credentials. It highlights the need for robust input validation and security measures to protect users from malicious scripts that could alter the intended functionality of the application.",IBM,Financial Transaction Manager,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-14T14:15:00.000Z,0
CVE-2020-5000,https://securityvulnerability.io/vulnerability/CVE-2020-5000,,IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.,IBM,Financial Transaction Manager,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-15T20:15:00.000Z,0
CVE-2020-5003,https://securityvulnerability.io/vulnerability/CVE-2020-5003,,IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956.,IBM,Financial Transaction Manager,6.5,MEDIUM,0.0015800000401213765,false,,false,false,false,,,false,false,,2021-06-11T15:15:00.000Z,0
CVE-2020-4555,https://securityvulnerability.io/vulnerability/CVE-2020-4555,,IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328.,IBM,Financial Transaction Manager,6.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-12-21T18:15:00.000Z,0
CVE-2020-4906,https://securityvulnerability.io/vulnerability/CVE-2020-4906,,IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.,IBM,Financial Transaction Manager,4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4905,https://securityvulnerability.io/vulnerability/CVE-2020-4905,,"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information.",IBM,Financial Transaction Manager,5.9,MEDIUM,0.0022700000554323196,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4904,https://securityvulnerability.io/vulnerability/CVE-2020-4904,,IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,IBM,Financial Transaction Manager,4.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4907,https://securityvulnerability.io/vulnerability/CVE-2020-4907,,IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.,IBM,Financial Transaction Manager,5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4908,https://securityvulnerability.io/vulnerability/CVE-2020-4908,,IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.,IBM,Financial Transaction Manager,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4560,https://securityvulnerability.io/vulnerability/CVE-2020-4560,,IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Financial Transaction Manager,4.7,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-08-03T13:15:00.000Z,0
CVE-2020-4328,https://securityvulnerability.io/vulnerability/CVE-2020-4328,,"IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 177839.",IBM,Financial Transaction Manager,6.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2020-08-03T13:15:00.000Z,0