Stored Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager for SWIFT Services
CVE-2024-49339

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Financial Transaction Manager For Swift Services For Multiplatforms
Vendor: CVE Published:; 31 January 2025

Summary

IBM Financial Transaction Manager for SWIFT Services versions 3.2.4.0 to 3.2.4.1 contain a vulnerability that enables authenticated users to inject arbitrary JavaScript code into the web interface. This can lead to unintended alterations in the application's functionality, potentially compromising sensitive user credentials during trusted sessions. It is crucial for users and administrators to patch their systems to mitigate risks associated with this vulnerability and protect against possible exploitation.

Affected Version(s)

Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 <= 3.2.4.13

References

https://www.ibm.com/support/pages/node/7182201

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Oct 14, 2024