CVE-2022-43872

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-43872
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/6848881 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 VDB Entry Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Information

Published : 2022-12-20 11:15

Updated : 2023-02-14 07:51

NVD link : CVE-2022-43872

Mitre link : CVE-2022-43872

JSON object : View

CWE
CWE-863

Incorrect Authorization

Advertisement

dedicated server usa
Products Affected

ibm

  • aix
  • linux_on_ibm_z
  • financial_transaction_manager

linux

  • linux_kernel