IBM Financial Transaction Manager information disclosure
CVE-2022-43872

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Financial Transaction Manager
Vendor
CVE Published:
20 December 2022

Summary

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

Affected Version(s)

Financial Transaction Manager 3.2.4

References

https://www.ibm.com/support/pages/node/6848881
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.