CVE-2020-4906
Description
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Financial Transaction Manager for SWIFT Services 3.2.4 stores web pages locally, allowing local users to read other users' cached sensitive information.
Vulnerability
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms version 3.2.4 stores web pages locally in a manner that can be read by another user on the same system. This issue is described in IBM security bulletin [1].
Exploitation
An attacker with local access to the system, requiring no authentication or user interaction (CVSS:3.0/AV:L/AC:L/PR:N/UI:N), can read the locally stored web pages from another user's session. The attacker simply needs to access the local storage location where the web pages are cached.
Impact
Successful exploitation allows the attacker to read potentially sensitive information contained in the locally stored web pages, leading to a limited confidentiality breach. The CVSS base score is 4.0, indicating a low impact on confidentiality.
Mitigation
IBM has released a fix as part of a security update. Administrators should upgrade to the latest version of IBM Financial Transaction Manager for SWIFT Services as specified in the security bulletin [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 3.2.4
- Range: 3.2.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/191110mitrevdb-entryx_refsource_XF
- www.ibm.com/support/pages/node/6371260mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.