Security Bulletin: IBM Financial Transaction Manager v3.2.x is vulnerable to XML External Entity Injection (XXE)

Published: 2023-10-31 13:44:35
Source: www.ibm.com

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 30.1%)

Summary

An XML External Entity Injection (XXE) vulnerability in Java based XML parsers within IBM Financial Transaction Manager was addressed.

Vulnerability Details

**CVEID:** CVE-2023-35892
**DESCRIPTION:** IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.
CVSS Base score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/258786 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Financial Transaction Manager for Multi-Platform (MP) | 3.2.0-3.2.11.x |
| Financial Transaction Manager for Digital Payments (DP) | 3.2.0-3.2.11.x |
| Financial Transaction Manager for Corporate Payment Services (CPS) | 3.2.0-3.2.11.x |
| Financial Transaction Manager for Immediate Payments (IP) | 3.2.0-3.2.11.x |
| Financial Transaction Manager for High Value Payments (HVP) | 3.2.0-3.2.11.x |

Remediation/Fixes

| Affected Product(s) | Resolved by VRMF Version(s) |
| --- | --- |
| Financial Transaction Manager for Multi-Platform (MP) | 3.2.12 FTM Base |
| Financial Transaction Manager for Digital Payments (DP) | 3.2.12 FTM DP |
| Financial Transaction Manager for Corporate Payment Services (CPS) | 3.2.12 FTM CPS |
| Financial Transaction Manager for Immediate Payments (IP) | 3.2.12 FTM IP |
| Financial Transaction Manager for High Value Payments (HVP) | 3.2.12 FTM HVP |

Workarounds and Mitigations

None
