exploitDog

CVE-2022-43872

Опубликовано: 20 дек. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/239708
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6848881
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6848881
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*

Одно из

cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-hxv9-v8xj-vcr2

CVSS3: 5.3

github

около 3 лет назад

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

EPSS

Процентиль: 34%

0.00139

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-863