PT-2023-31405 · IBM · IBM Financial Transaction Manager for SWIFT Services
Published: 2023-12-24 · Updated: 2024-01-03 · CVE-2023-49880
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Financial Transaction Manager for SWIFT Services version 3.2.4
Description
The Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services assumes the sending address and the message type of FIN messages are immutable. However, an attacker might modify these elements of a business transaction.
Recommendations
For IBM Financial Transaction Manager for SWIFT Services version 3.2.4, consider restricting access to the MER facility to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the MER facility for FIN messages that require immutable sending addresses and message types.
Affected Products
IBM Financial Transaction Manager for SWIFT Services