ibm transformation_extender_advanced CVE Vulnerabilities (7)

CVEs: 7 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting ibm transformation_extender_advanced (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 17 of 7 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-49886 IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. [email protected] 9.8 0.62% 2025-10-06 2026-06-17
CVE-2023-50300 IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls. [email protected] 5.1 0.10% 2025-10-01 2026-06-17
CVE-2023-49883 IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. [email protected] 5.9 0.26% 2025-10-01 2026-06-17
CVE-2023-49881 IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. [email protected] 6.3 0.20% 2025-10-01 2026-06-17
CVE-2023-50301 IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. [email protected] 1.9 0.11% 2025-10-01 2026-06-17
CVE-2021-29883 IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090. [email protected] 4.3 0.52% 2021-10-21 2026-06-16
CVE-2017-1758 IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. [email protected] 7.1 1.64% 2018-02-21 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence