VYPR

Websphere Transformation Extender

by IBM

CVEs (8)

  • CVE-2017-1758HigFeb 21, 2018
    risk 0.46cvss 7.1epss 0.02

    IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when…

  • CVE-2021-29883MedOct 21, 2021
    risk 0.28cvss 4.3epss 0.01

    IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site…

  • CVE-2023-49886Oct 6, 2025
    risk 0.00cvss epss 0.01

    IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

  • CVE-2023-49883Oct 1, 2025
    risk 0.00cvss epss 0.00

    IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

  • CVE-2023-50300Oct 1, 2025
    risk 0.00cvss epss 0.00

    IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.

  • CVE-2023-49881Oct 1, 2025
    risk 0.00cvss epss 0.00

    IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

  • CVE-2023-50301Oct 1, 2025
    risk 0.00cvss epss 0.00

    IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2013-2962Feb 6, 2014
    risk 0.00cvss epss 0.00

    Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.