IBM Financial Transaction Manager for SWIFT Services XML external entity injection
CVE-2023-35892

7.1HIGH

Key Information:

Vendor

IBM
Status
Financial Transaction Manager For Swift Services
Vendor
CVE Published:
5 September 2023

What is CVE-2023-35892?

IBM Financial Transaction Manager for SWIFT Services version 3.2.4 is susceptible to an XML External Entity Injection (XXE) vulnerability. This issue arises when the application processes XML data, allowing a remote attacker to exploit the vulnerability to potentially expose sensitive information or exhaust system memory resources, compromising the integrity and confidentiality of the related transactions.

Affected Version(s)

Financial Transaction Manager for SWIFT Services 3.2.4

References

https://www.ibm.com/support/pages/node/7030359
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/258786
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.