VYPR

Financial Transaction Manager for SWIFT Services for Multiplatforms

by IBM

CVEs (12)

  • CVE-2023-49880HigDec 25, 2023
    risk 0.49cvss 7.5epss 0.01

    In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM…

  • CVE-2023-35892HigSep 5, 2023
    risk 0.46cvss 7.1epss 0.01

    IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: …

  • CVE-2024-49339MedJan 31, 2025
    risk 0.42cvss 6.4epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2020-4904MedDec 16, 2020
    risk 0.42cvss 6.5epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2024-49349MedJan 31, 2025
    risk 0.40cvss 6.1epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

  • CVE-2022-43875MedDec 20, 2022
    risk 0.40cvss 6.2epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.

  • CVE-2020-4905MedDec 16, 2020
    risk 0.38cvss 5.9epss 0.01

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.

  • CVE-2025-36148MedMay 26, 2026
    risk 0.35cvss 5.4epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI…

  • CVE-2020-4908MedDec 16, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.

  • CVE-2020-4907MedDec 16, 2020
    risk 0.35cvss 5.3epss 0.01

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

  • CVE-2022-43871MedApr 29, 2023
    risk 0.30cvss 4.6epss 0.00

    IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2020-4906LowDec 16, 2020
    risk 0.21cvss 3.3epss 0.00

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.