CVE-2023-35892

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.0%
top 93.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Financial Transaction Manager FOR Swift ServicesIBM Financial Transaction Manager
Timeline
PublishedSep 5

Description

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-j2wx-q7qw-r37w: IBM Financial Transaction Manager for SWIFT Services 32023-09-05
CVEList
IBM Financial Transaction Manager for SWIFT Services XML external entity injection2023-09-04
CVE-2023-35892 (CRITICAL CVSS 9.1) | IBM Financial Transaction Manager f | cvebase.io