CVE-2022-43872

Published: Dec 20, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

Affected (1)

Products: Ibm: Financial Transaction Manager

Ibm

1 product

Financial Transaction Manager

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Financial Transaction Manager	Version 3.2.4

Running on/with	Platform Versions
Ibm Aix	All versions
Ibm Linux On Ibm Z	All versions
Linux Linux Kernel	All versions

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/239708

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6848881

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/239708

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6848881

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.