Ibm Financial Transaction Manager For Swift Services vulnerabilities

CVE-2023-49880 [HIGH] CVE-2023-49880: In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Servic In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

CVE-2023-35892 [HIGH] CWE-611 CVE-2023-35892: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity I IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.

CVE-2022-43871 [MEDIUM] CWE-79 CVE-2022-43871: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. Th IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.