CVE-2025-33135 PUBLISHED

IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities

Assigner: ibm
Reserved: 15.04.2025 Published: 17.02.2026 Updated: 17.02.2026

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Score: 6.1

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Financial Transaction Manager for ACH Services and Check Services for Multi-Platform
Versions	affected from 3.0.0.0 to 3.0.5.4 Interim Fix 027 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now. Affected Product(s) Resolved by VRMF Remediation / First Fix IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.5.4 iFix 28 FTM 3.0.5.4 iFix 28

References

https://www.ibm.com/support/pages/node/7260111

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE