Websphere Transformation Extender
by IBM
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1758 | Hig | 0.46 | 7.1 | 0.02 | Feb 21, 2018 | IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when… | ||
| CVE-2021-29883 | Med | 0.28 | 4.3 | 0.01 | Oct 21, 2021 | IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site… | ||
| CVE-2023-49886 | 0.00 | — | 0.01 | Oct 6, 2025 | IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. | |||
| CVE-2023-49883 | 0.00 | — | 0.00 | Oct 1, 2025 | IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||
| CVE-2023-50300 | 0.00 | — | 0.00 | Oct 1, 2025 | IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls. | |||
| CVE-2023-49881 | 0.00 | — | 0.00 | Oct 1, 2025 | IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2023-50301 | 0.00 | — | 0.00 | Oct 1, 2025 | IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2013-2962 | 0.00 | — | 0.00 | Feb 6, 2014 | Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors. |
- risk 0.46cvss 7.1epss 0.02
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when…
- risk 0.28cvss 4.3epss 0.01
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site…
- CVE-2023-49886Oct 6, 2025risk 0.00cvss —epss 0.01
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
- CVE-2023-49883Oct 1, 2025risk 0.00cvss —epss 0.00
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
- CVE-2023-50300Oct 1, 2025risk 0.00cvss —epss 0.00
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
- CVE-2023-49881Oct 1, 2025risk 0.00cvss —epss 0.00
IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
- CVE-2023-50301Oct 1, 2025risk 0.00cvss —epss 0.00
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
- CVE-2013-2962Feb 6, 2014risk 0.00cvss —epss 0.00
Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.