HIGH🇬🇧 English

CVE-2023-49880

CVSS 7.5v3.1pub. 2023-12-25upd. 2024-11-21

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • IBM Financial Transaction Manager

    APP
    Ibm
    3.2.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-4575CRITICAL9.8ten sam produkt

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to...

CVE-2020-5003CRITICAL9.1ten sam produkt

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when pr...

CVE-2019-4032CRITICAL9.8ten sam produkt

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection...

CVE-2023-35892HIGH7.1ten sam produkt

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (...

CVE-2021-39044HIGH8.8ten sam produkt

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attac...

CVE-2023-49880 — HIGH 7.5 | CVEbaza.pl