CVE-2023-49880

3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 85.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Financial Transaction Manager FOR Swift Services IBM Financial Transaction Manager

Timeline

PublishedDec 25

Description

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/financial_transaction_manager_for_swift_services3.2.4

▶NVDibm/financial_transaction_manager3.2.4

🔴Vulnerability Details

CVEList

IBM Financial Transaction Manager for SWIFT Services data manipulation↗2023-12-25

▶

GHSA

GHSA-9mr3-mrj5-pc9x: In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3↗2023-12-25

▶