First published: Fri Dec 09 2022
In IBM Financial Transaction Manager 3.2.4, authorization checks are performed incorrectly for some HTTP requests, which allows technical information about the FTM SWIFT system (e.g. event log entries) to be obtained without authorization. IBM X-Force ID: 239708.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms | =3.2.4 | |
IBM AIX | | |
IBM Linux on IBM Z | | |
Linux Linux kernel | | |
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms | <=3.2.4 | |
All of | | |
IBM Financial Transaction Manager | =3.2.4 | |
Any of | | |
IBM AIX | | |
IBM Linux on IBM Z | | |
Linux Linux kernel | | |
The severity of CVE-2022-43872 is medium with a severity value of 5.3.
CVE-2022-43872 allows unauthorized access to technical information about the FTM SWIFT system.
You are affected by CVE-2022-43872 if you are using IBM Financial Transaction Manager 3.2.4 for SWIFT Services for Multiplatforms.
To fix CVE-2022-43872, update IBM Financial Transaction Manager to a version that addresses the authorization checks issue.
You can find more information about CVE-2022-43872 on the IBM X-Force website and the IBM support page.