Information Exposure in IBM Financial Transaction Manager for SWIFT Services
CVE-2020-4907

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager
Vendor: CVE Published:; 16 December 2020

What is CVE-2020-4907?

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is susceptible to an information exposure vulnerability, where a remote attacker may gain access to sensitive information conveyed through detailed technical error messages returned in a web browser. The disclosed information could potentially facilitate subsequent attacks against the affected system. Administrators should ensure that error messages do not reveal sensitive details and apply appropriate security measures to mitigate this risk.

Affected Version(s)

Financial Transaction Manager 3.2.4

References

https://www.ibm.com/support/pages/node/6371260

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191112

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2020
Vulnerability Reserved
Dec 30, 2019