CVE-2023-35892

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager for SWIFT Services version 3.2.4

Description The issue is related to incorrect restriction of XML links to external objects, which can be exploited by a remote attacker to expose sensitive information or impact the availability of protected information. This is an XML External Entity Injection (XXE) attack when processing XML data, allowing the attacker to consume memory resources.

Recommendations For IBM Financial Transaction Manager for SWIFT Services version 3.2.4, consider disabling the XML processing feature until a patch is available to prevent exploitation of the XML External Entity Injection vulnerability. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.