Lucene search

IBMF9BCD6349A6B3D35A9EEDE5C351AB06DB8A55E5346CB9C52FA17D5864F583C3B

HistoryApr 03, 2023 - 10:49 a.m.

Security Bulletin: Security vulnerability in IBM Financial Transaction Manager for SWIFT Service

2023-04-0310:49:22

www.ibm.com

ibm

financial transaction manager

swift services

cross-site scripting

vulnerability

multiplatforms

fix pack 9

remediation.

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.0%

JSON

Summary

Cross-site scripting vulnerability in IBM Financial Transaction Manager for SWIFT Services

Vulnerability Details

CVEID:CVE-2022-43871
**DESCRIPTION:**IBM Financial Transaction Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239707 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms	3.2.4

Remediation/Fixes

Install Fix Pack 9 of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmfinancial_transaction_managerMatch3.2.4swift_services