Lucene search

IbmCVELIST:CVE-2023-49880

HistoryDec 25, 2023 - 2:24 a.m.

CVE-2023-49880 IBM Financial Transaction Manager for SWIFT Services data manipulation

2023-12-2502:24:32

ibm

www.cve.org

ibm financial transaction manager

swift services

data manipulation

message entry and repair

fin messages

attacker

business transaction

ibm x-force id 273183

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.2%

JSON

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Financial Transaction Manager for SWIFT Services",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "3.2.4"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/273183

www.ibm.com/support/pages/node/7101167

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for CVELIST:CVE-2023-49880