CVE-2024-49349

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.1

Description The issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This is due to a stored cross-site scripting issue.

Recommendations For versions 3.2.4.0 through 3.2.4.1, consider disabling access to the Web UI until a patch is available to prevent potential exploitation of the stored cross-site scripting issue. Restrict access to sensitive areas of the application to minimize the risk of credentials disclosure.