Financial Transaction Manager For Swift Services For Multiplatforms
Monthly
Cross-site scripting in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.15 permits injection of arbitrary JavaScript into the Web UI, creating a pathway to credential disclosure within an authenticated operator's session. The Changed Scope (S:C) in the CVSS vector confirms the injected script executes in the victim's browser beyond the originating application boundary, elevating real-world impact in a SWIFT financial messaging context. No public exploit has been identified and EPSS stands at 0.05% (16th percentile), reflecting low immediate exploitation probability, though a discrepancy between the CVE description characterizing the attacker as unauthenticated and the CVSS PR:L vector warrants vendor clarification before finalizing risk posture.
Cross-site scripting in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.15 permits injection of arbitrary JavaScript into the Web UI, creating a pathway to credential disclosure within an authenticated operator's session. The Changed Scope (S:C) in the CVSS vector confirms the injected script executes in the victim's browser beyond the originating application boundary, elevating real-world impact in a SWIFT financial messaging context. No public exploit has been identified and EPSS stands at 0.05% (16th percentile), reflecting low immediate exploitation probability, though a discrepancy between the CVE description characterizing the attacker as unauthenticated and the CVSS PR:L vector warrants vendor clarification before finalizing risk posture.