Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3114D5A5F08D3D0909E0DCF73B7C8BCFBEFD69EF8A9D68ED60FBA9B6B8ECE821
HistoryDec 15, 2020 - 4:17 p.m.

Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services

2020-12-1516:17:22
www.ibm.com
6

0.002 Low

EPSS

Percentile

55.1%

JSON

Summary

Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services

Vulnerability Details

CVEID:CVE-2020-4906
**DESCRIPTION:**IBM Financial Transaction Manager for SWIFT Services allows web pages to be stored locally which can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-4907
**DESCRIPTION:**IBM Financial Transaction Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191112 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-4908
**DESCRIPTION:**IBM Financial Transaction Manager for SWIFT Services returns the product version and release information on the login dialog. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191113 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-4905
**DESCRIPTION:**IBM Financial Transaction Manager for SWIFT Services could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to to obtain sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2020-4904
**DESCRIPTION:**IBM Financial Transaction Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191106 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4

Remediation/Fixes

Install Fix Pack 2 of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm financial transaction managereq3.0

Related

prion 5
nvd 5
cvelist 5
cve 5
prion
prion
Information disclosure
2020-12-16 21:15:00
Information disclosure
2020-12-16 21:15:00
Design/Logic Flaw
2020-12-16 21:15:00
nvd
nvd
CVE-2020-4907
2020-12-16 21:15:13
CVE-2020-4905
2020-12-16 21:15:13
CVE-2020-4908
2020-12-16 21:15:13
cvelist
cvelist
CVE-2020-4908
2020-12-15 00:00:00
CVE-2020-4907
2020-12-15 00:00:00
CVE-2020-4906
2020-12-15 00:00:00
cve
cve
CVE-2020-4905
2020-12-16 21:15:13
CVE-2020-4907
2020-12-16 21:15:13
CVE-2020-4906
2020-12-16 21:15:13

0.002 Low

EPSS

Percentile

55.1%

JSON
Related for 3114D5A5F08D3D0909E0DCF73B7C8BCFBEFD69EF8A9D68ED60FBA9B6B8ECE821
prion5nvd5cvelist5cve5