CVE-2022-43872

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6848881	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239708	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6848881	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:linux_on_ibm_z:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

History

21 Nov 2024, 07:27

Type	Values Removed	Values Added
Summary		(es) Las comprobaciones de autorización de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener información técnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de IBM X-Force: 239708.
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/239708 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6848881 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6848881 - Patch, Vendor Advisory

Information

Published : 2022-12-20 19:15

Updated : 2024-11-21 07:27

NVD link : CVE-2022-43872

Mitre link : CVE-2022-43872

CVE.ORG link : CVE-2022-43872

JSON object : View

Products Affected

linux

linux_kernel

ibm

aix
linux_on_ibm_z
financial_transaction_manager

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2022-43872", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-12-20T19:15:24.990", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239708", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6848881", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239708", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6848881", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.\n\n"}, {"lang": "es", "value": "Las comprobaciones de autorizaci\u00f3n de IBM Financial Transaction Manager 3.2.4 se realizan incorrectamente para algunas solicitudes HTTP, lo que permite obtener informaci\u00f3n t\u00e9cnica no autorizada (por ejemplo, entradas de registro de eventos) sobre el sistema FTM SWIFT. ID de IBM X-Force: 239708."}], "lastModified": "2024-11-21T07:27:18.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:swift_services:*:*", "vulnerable": true, "matchCriteriaId": "DD9A7D3A-B68C-49A6-AEB6-5509ED41E63E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B955E472-47E3-4C32-847B-F6BB05594BA3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}