EUVD-2022-27504

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

IBM Sterling Partner Engagement Manager is vulnerable to an XML External Entity Injection attack

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: IBM Partner Engagement Manager is vulnerable to improper restriction of XXE (CVE-2022-22358)	18 Jul 202211:50	–	ibm
ATTACKERKB	CVE-2022-22358	18 Jul 202200:00	–	attackerkb
Circl	CVE-2022-22358	19 Jul 202220:40	–	circl
CNNVD	IBM Sterling Partner Engagement Manager 代码问题漏洞	19 Jul 202200:00	–	cnnvd
CNVD	IBM Sterling Partner Engagement Manager XML External Entity Injection Vulnerability	21 Jul 202200:00	–	cnvd
CVE	CVE-2022-22358	19 Jul 202216:25	–	cve
Cvelist	CVE-2022-22358	19 Jul 202216:25	–	cvelist
NVD	CVE-2022-22358	19 Jul 202217:15	–	nvd
OSV	CVE-2022-22358	19 Jul 202217:15	–	osv
Prion	Xxe	19 Jul 202217:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "e8f123e4-ceab-34ef-83ad-7d8b92e50996",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "42439d49-50e1-31c0-a1e2-d29025459b31",
        "product": {
          "name": "Sterling Partner Engagement Manager"
        },
        "product_version": "6.2"
      },
      {
        "id": "49c771a0-0caa-33d6-9e2a-4d3e99a3ab5d",
        "product": {
          "name": "Sterling Partner Engagement Manager"
        },
        "product_version": "6.1.2"
      },
      {
        "id": "a07a6536-ab77-3fd3-b329-ee7b7845ac16",
        "product": {
          "name": "Sterling Partner Engagement Manager on Cloud"
        },
        "product_version": "22.2"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6604993
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/220651

03 Oct 2025 20:07Current

7High risk

Vulners AI Score7

CVSS 37.1

CVSS 3.17.1

EPSS0.00418