CVE-2022-43875: It looks like the flaw is not a cyber security flaw; it is a design flaw. (21st Dec 2022)

Preface: Long ago, blockchain developers announced that they had developed a blockchain platform to launch a digital system for international payments capable of replacing the global SWIFT system. It seems they were not successful.

Background: IBM FTM for SWIFT Services is a certified real-time SWIFT messaging interface. It enables faster payments alongside SWIFT without changing the back office, lowers the cost of compliance, and offers tailored solutions for your organization.

About RMA: When RMA was introduced in 2009 as a replacement for the Bilateral Key Exchange (BKE), the spirit of the product was for banks to open the door to as many counterparties and correspondents as possible. Legacy RMAs can also create the opportunity for payments to be sent to destinations which may no longer be wanted or authorised, resulting in fraud risk.

The RMA is a SWIFT-mandated authorisation that enables financial institutions to define which counterparties can send them FIN messages.

Vulnerability details: IBM Financial Transaction Manager SWIFT could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations.

Official announcement: For details, see the link – https://www.ibm.com/support/pages/node/6848881

Some performance problems might seem to be locking problems even though they are really problems somewhere else in the system. For example, a table space scan of a large table can result in timeout situations. Similarly, when tasks are waiting or swapped out, and the unit of work is not committed, the tasks continue to hold locks.

One of the recommendations: reduce locking contention on the catalog and directory for data definition, bind, and utility operations.

You can use the following approaches to reduce this type of contention:

Avoid using LOCK TABLE statements and statements that use RR isolation to query the catalog.
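The contrast below is an added example, not code from the IBM advisory or from FTM itself. It places the pattern the recommendation warns against (an explicit LOCK TABLE and a repeatable-read query that both hold locks until the unit of work commits) beside the pattern that releases locks promptly. RMA_AUTH and its columns are hypothetical names standing in for a table of RM authorizations; the WITH RR / WITH CS / WITH UR isolation clauses, LOCK TABLE and the SYSIBM.SYSTABLES catalog table are standard Db2 syntax.

```sql
-- Added example (not from the IBM advisory or FTM). RMA_AUTH, AUTH_ID,
-- COUNTERPARTY_BIC and STATUS are hypothetical names for a table holding
-- RM authorizations.

-- Pattern to avoid: an exclusive table lock plus repeatable-read (RR)
-- isolation. Every row the query touches stays locked until COMMIT, so a
-- session that never commits keeps every other user from displaying or
-- managing the authorizations.
LOCK TABLE RMA_AUTH IN EXCLUSIVE MODE;
SELECT AUTH_ID, COUNTERPARTY_BIC, STATUS
  FROM RMA_AUTH
 WHERE STATUS = 'ENABLED'
  WITH RR;
-- ... long-running work with no COMMIT: locks are retained the whole time ...

-- Preferred pattern for a display screen: cursor stability (CS) releases
-- each row lock as soon as the cursor moves on, and the unit of work ends
-- with an explicit COMMIT so nothing is retained.
SELECT AUTH_ID, COUNTERPARTY_BIC, STATUS
  FROM RMA_AUTH
 WHERE STATUS = 'ENABLED'
  WITH CS;
COMMIT;

-- For a change, touch only the row being managed and commit immediately,
-- so other sessions are not held off the rest of the table.
UPDATE RMA_AUTH
   SET STATUS = 'REVOKED'
 WHERE AUTH_ID = 'example-auth-id';   -- constructed sample key
COMMIT;

-- Catalog lookups are the case the recommendation names explicitly:
-- read them with UR or CS rather than RR, so the catalog is not locked
-- against bind, data definition and utility work.
SELECT NAME
  FROM SYSIBM.SYSTABLES
 WHERE CREATOR = 'FTMUSER'            -- constructed sample schema name
  WITH UR;
COMMIT;
```

The point to verify in a review of application code is not which isolation level appears on any single statement but how long the unit of work stays open: a CS query followed by hours without a COMMIT still retains the locks on rows it has updated, while an RR query that commits at once does comparatively little harm.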
