Medium severity 5.4 · NVD Advisory · Published May 26, 2026 · Updated May 26, 2026

CVE-2025-36148

Description

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0-3.2.4.15 are vulnerable to XSS, allowing credential disclosure via embedded JavaScript.

Vulnerability

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms versions 3.2.4.0 through 3.2.4.15 are vulnerable to cross-site scripting (XSS) in the Web UI. The flaw stems from improper neutralization of user input during web page generation (CWE-79) [1].

Exploitation

An unauthenticated attacker can embed arbitrary JavaScript code into the Web UI. The attacker does not require authentication, but successful exploitation relies on a trusted user interacting with the maliciously crafted content, potentially leading to credential disclosure within the same session [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session, altering intended functionality and potentially disclosing sensitive credentials. The CVSS score is 5.4 (Medium) with a vector of AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating low impact on confidentiality and integrity [1].

Mitigation

IBM strongly recommends upgrading to IBM Financial Transaction Manager for SWIFT Services for Multiplatforms Fix Pack 16 (version 3.2.4.16) to remediate this vulnerability. No workarounds are available [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

References

1
