CVE-2022-43872
MEDIUMIBM Financial Transaction Manager <3.2.4 - Info Disclosure
Title source: llmDescription
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6848881
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708
Scores
CVSS v3
5.3
EPSS
0.0014
EPSS Percentile
33.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
ibm/financial_transaction_manager
3.2.4
Published
Dec 20, 2022
Tracked Since
Feb 18, 2026