CVE-2022-43872 MEDIUM

CVE-2022-43872: IBM Financial Transaction Manager information disclosure

Vendor Ibm
Product Financial Transaction Manager
Published December 20, 2022
Last update April 16, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

Key dates

02Disclosure timeline

December 20, 2022 CVE published
April 16, 2025 Record updated