CVE-2023-49880 HIGH

CVE-2023-49880: IBM Financial Transaction Manager for SWIFT Services data manipulation

Vendor Ibm
Product Financial Transaction Manager for SWIFT Services
Published December 25, 2023
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

Key dates

02Disclosure timeline

December 25, 2023 CVE published
August 2, 2024 Record updated