XML External Entity Injection (XXE) Vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4

XML External Entity Injection (XXE) Vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4

CVE-2023-35892 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 258786.

Learn more about our External Network Penetration Testing.