IBM Financial Transaction Manager for SWIFT Services data manipulation
CVE-2023-49880

7.5HIGH

Key Information:

Vendor: IBM
Status: Financial Transaction Manager for SWIFT Services
Vendor: CVE Published:; 25 December 2023

Summary

The Message Entry and Repair (MER) facility within IBM Financial Transaction Manager for SWIFT Services version 3.2.4 has a vulnerability that allows an attacker to alter the sending address and message type of FIN messages. This ability to modify critical elements of business transactions poses a significant risk to the integrity of financial operations and data security. Proper safeguards should be implemented to prevent unauthorized modifications to transaction details.

Affected Version(s)

Financial Transaction Manager for SWIFT Services 3.2.4

References

https://www.ibm.com/support/pages/node/7101167

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/273183

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 25, 2023
Vulnerability Reserved
Dec 1, 2023