Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2009E050DB656C09DCD220A0708FE00588E1F2A25E1EF8A991501A57AC862C8A
HistoryDec 19, 2022 - 4:10 p.m.

Security Bulletin: Multiple Vulnerabilities Affect IBM Financial Transaction Manager for SWIFT Services (CVE-2022-4387, CVE-2022-43875)

2022-12-1916:10:16
www.ibm.com
27
ibm financial transaction manager
swift services
cve-2022-43872
cve-2022-43875
authorization checks
denial of service
fix pack

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON

Summary

Multiple vulnerabilities affect IBM Financial Transaction Manager for SWIFT Services. These are addressed.

Vulnerability Details

CVEID:CVE-2022-43872
**DESCRIPTION:**IBM Financial Transaction Manager authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2022-43875
**DESCRIPTION:**IBM Financial Transaction Manager SWIFT could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240034 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4

Remediation/Fixes

Install Fix Pack 8 of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmfinancial_transaction_managerMatch3.2.4

Related

cve 3
nvd 2
prion 2
cvelist 2
cve
cve
CVE-2022-43872
2022-12-20 19:15:24
CVE-2022-43875
2022-12-20 19:15:25
CVE-2022-4387
2022-12-19 17:48:51
nvd
nvd
CVE-2022-43872
2022-12-20 19:15:24
CVE-2022-43875
2022-12-20 19:15:25
prion
prion
Authorization
2022-12-20 19:15:00
Design/Logic Flaw
2022-12-20 19:15:00
cvelist
cvelist
CVE-2022-43872 IBM Financial Transaction Manager information disclosure
2022-12-20 18:35:34
CVE-2022-43875 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service
2022-12-20 18:45:03

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON
Related for 2009E050DB656C09DCD220A0708FE00588E1F2A25E1EF8A991501A57AC862C8A
cve3nvd2prion2cvelist2