CVE-2020-4908

Vulnerability

The login dialog of IBM Financial Transaction Manager for SWIFT Services for Multiplatforms version 3.2.4 returns the product version and release information. This information disclosure occurs without requiring authentication, as the login page is accessible to any network user. The vulnerability is detailed in the IBM security advisory [1].

Exploitation

An unauthenticated remote attacker can access the login dialog and retrieve the software version and release details. No special privileges or user interaction are required. The attacker can then use this information to identify potential attack vectors or target specific known vulnerabilities for the identified version.

Impact

Successful exploitation results in low confidentiality impact by exposing the product version and release information. This data does not directly compromise system integrity or availability but can assist an attacker in reconnaissance, potentially enabling more targeted attacks against the system.

Mitigation

IBM has released a security update to address this issue. According to [1], administrators should apply the fix provided on the IBM support page. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.