CVE-2020-4905
Description
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an attacker could exploit this vulnerability to obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A man-in-the-middle vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4 allows attackers to obtain sensitive information via SSL stripping.
Vulnerability
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms version 3.2.4 is vulnerable to a man-in-the-middle attack due to insufficient SSL/TLS protection. An attacker on the network path can perform SSL stripping to downgrade the connection to HTTP, allowing interception of sensitive data. The vulnerability is triggered when the client connects to the server over a network controlled by the attacker.
Exploitation
To exploit this vulnerability, an attacker must be positioned on the network between the client and the server (e.g., on a public Wi-Fi or compromised router). The attacker intercepts the initial HTTPS connection and negotiates a plain HTTP connection with the client while maintaining an HTTPS connection to the server, effectively stripping the SSL layer. No authentication or user interaction beyond normal browsing is required.
Impact
Successful exploitation allows the attacker to obtain sensitive information transmitted between the client and server, including credentials, financial transaction data, and other confidential data. The impact is on confidentiality, which the CVSS vector rates as High.
Mitigation
IBM has released a fix; refer to IBM Security Bulletin [1] for guidance. The vulnerability is addressed in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms version 3.2.4.1 or later. Users should update to the latest version. No workaround is provided in the available reference.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.2.4
- Range: 3.2.4
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/191109 (mitre; vdb-entry; x_refsource_XF)
- www.ibm.com/support/pages/node/6371260 (mitre; x_refsource_CONFIRM)