IBM Financial Transaction Manager for SWIFT Services XML external entity injection
CVE-2023-35892

7.1HIGH

Key Information:

Vendor: IBM
Status: Financial Transaction Manager For Swift Services
Vendor: CVE Published:; 5 September 2023

Summary

IBM Financial Transaction Manager for SWIFT Services version 3.2.4 is susceptible to an XML External Entity Injection (XXE) vulnerability. This issue arises when the application processes XML data, allowing a remote attacker to exploit the vulnerability to potentially expose sensitive information or exhaust system memory resources, compromising the integrity and confidentiality of the related transactions.

Affected Version(s)

Financial Transaction Manager for SWIFT Services 3.2.4

References

https://www.ibm.com/support/pages/node/7030359

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/258786

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Jun 20, 2023