Financial Transaction Manager for SWIFT Services from IBM Vulnerable to Message Modification Attacks

CVE: CVE-2023-49880
CVSS (v3.1): 7.5
Source: CVE-2023-49880

The Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services has a vulnerability that could allow attackers to modify important elements of financial messages.

Financial Transaction Manager is a tool used by banks and financial institutions to process SWIFT network messages. It includes a MER component for validating and repairing messages before sending them on the SWIFT network. However, researchers found that the MER facility assumes the sending address and message type of FIN messages cannot be changed.

An attacker could potentially exploit this by modifying these elements in intercepted messages before they are sent, disguising the origin and purpose of financial transactions. They could redirect funds or obtain sensitive banking information that the legitimate participants never intended to disclose.

IBM has assigned the vulnerability tracking number CVE-2023-49880 and a CVSS score of 7.5, considered high severity.

To protect themselves, users of Financial Transaction Manager should ensure they apply any updates or patches released by IBM to address this issue. Financial institutions should also monitor their SWIFT network for any unexpected changes to message sender or type attributes. Verifying message details with the intended participants is also recommended. Staying vigilant and keeping all systems up to date can help prevent exploitation of this vulnerability.
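The monitoring advice above can be made concrete as an integrity check on the two FIN header fields this advisory names. The code below is an added illustration, not IBM's code and not a description of how the MER facility works internally; it parses the sender LT address from FIN block 1 and the message type from block 2, and flags a repair pass that changes either one while still allowing edits to the block 4 text. All messages and BIC addresses are constructed samples.

```python
import re

# Constructed FIN MT103 as it arrived in the repair queue (sample values only).
AS_RECEIVED = (
    "{1:F01BANKBEBBAXXX0000123456}{2:I103BANKDEFFXXXXN}"
    "{4:\n:20:REF123\n:32A:240101EUR1000,\n-}"
)
# A legitimate repair: only the text block (block 4) changed.
LEGIT_REPAIR = (
    "{1:F01BANKBEBBAXXX0000123456}{2:I103BANKDEFFXXXXN}"
    "{4:\n:20:REF123\n:32A:240101EUR1000,00\n-}"
)
# A tampered repair: the sender address and the message type were rewritten.
TAMPERED_REPAIR = (
    "{1:F01BANKGB2LXXXX0000123456}{2:I202BANKDEFFXXXXN}"
    "{4:\n:20:REF123\n:32A:240101EUR1000,00\n-}"
)

# Block 1: {1:F01<12-char sender LT address><4-digit session><6-digit sequence>}
BLOCK1 = re.compile(
    r"\{1:(?P<app>[FAL])(?P<svc>\d{2})(?P<lt>[A-Z0-9]{12})"
    r"(?P<session>\d{4})(?P<seq>\d{6})\}"
)
# Block 2: {2:I<3-digit message type>...} for input, {2:O<3-digit type>...} for output
BLOCK2 = re.compile(r"\{2:(?P<direction>[IO])(?P<mt>\d{3})")

# The two fields the advisory says must not change during message repair.
IMMUTABLE = ("sender_lt", "message_type")


def header_fields(msg: str) -> dict:
    """Extract the sender LT address and message type from a FIN message."""
    m1, m2 = BLOCK1.search(msg), BLOCK2.search(msg)
    if not m1 or not m2:
        raise ValueError("missing or malformed FIN block 1 or block 2")
    return {"sender_lt": m1.group("lt"), "message_type": m2.group("mt"),
            "direction": m2.group("direction")}


def immutable_field_changes(before: str, after: str) -> dict:
    """Return {field: (old, new)} for every immutable header field altered by a repair."""
    b, a = header_fields(before), header_fields(after)
    return {k: (b[k], a[k]) for k in IMMUTABLE if b[k] != a[k]}


def repair_is_acceptable(before: str, after: str) -> bool:
    """A repair may touch the text block but never the sender address or message type."""
    return not immutable_field_changes(before, after)
```

In a deployment this comparison would run on the message as queued for repair and the message handed back by the operator, and any non-empty result would be raised as an alert before the message reaches the SWIFT network.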