Rewterz

Rewterz Threat Advisory – Multiple IBM Navigator for i Vulnerabilities

December 26, 2022
Rewterz

Rewterz Threat Advisory – CVE-2022-46771 – IBM UrbanCode Deploy (UCD) Vulnerability

December 26, 2022

Rewterz Threat Advisory – Multiple IBM Financial Transaction Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-43875 CVSS:6.2

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. 

CVE-2022-43872 CVSS:5.3

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. 

Impact

  • Denial of Service
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-43875
  • CVE-2022-43872

Affected Vendors

IBM

Affected Products

  • IBM Financial Transaction Manager 3.2.4

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information. 

IBM Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.