Local File Read Vulnerability in IBM Financial Transaction Manager for SWIFT Services
CVE-2020-4906

4MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager
Vendor: CVE Published:; 16 December 2020

What is CVE-2020-4906?

The vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4 allows attackers to access web pages stored locally on the system. This issue arises because the system does not implement adequate restrictions, enabling unintended users to read these local files. If exploited, this flaw could lead to the unauthorized exposure of sensitive information, raising significant security concerns for users and organizations relying on this service.

Affected Version(s)

Financial Transaction Manager 3.2.4

References

https://www.ibm.com/support/pages/node/6371260

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191110

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2020
Vulnerability Reserved
Dec 30, 2019