{"api_version":"1","generated_at":"2026-06-20T02:02:51+00:00","cve":"CVE-2020-4908","urls":{"html":"https://cve.report/CVE-2020-4908","api":"https://cve.report/api/cve/CVE-2020-4908.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-4908","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-4908"},"summary":{"title":"CVE-2020-4908","description":"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2020-12-16 21:15:00","updated_at":"2020-12-17 15:25:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/191113","name":"ibm-ftm-cve20204908-info-disc (191113)","refsource":"XF","tags":["VDB Entry","Vendor Advisory"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ibm.com/support/pages/node/6371260","name":"https://www.ibm.com/support/pages/node/6371260","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-4908","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-4908","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"4908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"financial_transaction_manager_for_multiplatform","cpe6":"3.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"4908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"financial_transaction_manager_for_multiplatform","cpe6":"3.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"STATE":"PUBLIC","ID":"CVE-2020-4908","DATE_PUBLIC":"2020-12-15T00:00:00","ASSIGNER":"psirt@us.ibm.com"},"data_version":"4.0","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Obtain Information"}]}]},"data_type":"CVE","description":{"description_data":[{"lang":"eng","value":"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system."}]},"data_format":"MITRE","references":{"reference_data":[{"refsource":"CONFIRM","title":"IBM Security Bulletin 6371260 (Financial Transaction Manager)","url":"https://www.ibm.com/support/pages/node/6371260","name":"https://www.ibm.com/support/pages/node/6371260"},{"name":"ibm-ftm-cve20204908-info-disc (191113)","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/191113","title":"X-Force Vulnerability Report","refsource":"XF"}]},"impact":{"cvssv3":{"TM":{"RL":"O","RC":"C","E":"U"},"BM":{"I":"N","A":"N","C":"L","PR":"N","S":"U","SCORE":"5.300","AC":"L","AV":"N","UI":"N"}}},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"3.2.4"}]},"product_name":"Financial Transaction Manager"}]},"vendor_name":"IBM"}]}}},"nvd":{"publishedDate":"2020-12-16 21:15:00","lastModifiedDate":"2020-12-17 15:25:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:financial_transaction_manager_for_multiplatform:3.2.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"4908","Ordinal":"164936","Title":"CVE-2020-4908","CVE":"CVE-2020-4908","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"4908","Ordinal":"1","NoteData":"IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"4908","Ordinal":"2","NoteData":"2020-12-16","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"4908","Ordinal":"3","NoteData":"2020-12-16","Type":"Other","Title":"Modified"}]}}}