CVE-2023-49880

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/273183	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7101167	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*

History

03 Jan 2024, 21:03

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/273183 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7101167 -~~	() https://www.ibm.com/support/pages/node/7101167 - Vendor Advisory
CPE		cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:::::swift_services::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Ibm financial Transaction Manager Ibm
CWE		NVD-CWE-noinfo

25 Dec 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-25 03:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-49880

Mitre link : CVE-2023-49880

CVE.ORG link : CVE-2023-49880

JSON object : View

Products Affected

ibm

financial_transaction_manager

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-49880", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-25T03:15:08.430", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273183", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7101167", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. However, an attacker might modify these elements of a business transaction. IBM X-Force ID: 273183."}, {"lang": "es", "value": "En la funci\u00f3n Message Entry and Repair (MER) de IBM Financial Transaction Manager para SWIFT Services 3.2.4, se supone que la direcci\u00f3n de env\u00edo y el tipo de mensaje de los mensajes FIN son inmutables. Sin embargo, un atacante podr\u00eda modificar estos elementos de una transacci\u00f3n comercial. ID de IBM X-Force: 273183."}], "lastModified": "2024-01-03T21:03:07.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*", "vulnerable": true, "matchCriteriaId": "DD9A7D3A-B68C-49A6-AEB6-5509ED41E63E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}