CVE Published: 04/09/2023 |
CVE Updated: 26/09/2024 |
CVE Year: 2023 Source: ibm |
Vendor: IBM |
Product: Financial Transaction Manager for SWIFT Services Status : PUBLISHED
CVE-2023-35892 Description
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.
Metrics
CVSS Version: 3.1 |
Base Score: 7.1 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L