IBM831BBBA53E62278F94C7543619A6B31F2789D8C1B6BF2DB650B9A39684815829Security Bulletin: Modification of Assumed-Immutable Data (MAID) affects IBM Financial Transaction Manager for SWIFT Services (CVE-2023-49880)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.2%
Summary
Modification of Assumed-Immutable Data (MAID) affects the MER facility of IBM Financial Transaction Manager for SWIFT Services. This vulnerability is addressed.
Vulnerability Details
CVEID:CVE-2023-49880
**DESCRIPTION:**In the Message Entry and Repair (MER) facility of Financial Transaction Manager for SWIFT Services the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms | 3.2.4 |
Remediation/Fixes
Install Fix Pack 11 of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm financial transaction manager for swift services | eq | 3.2.4 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.2%