IBM113368A17947E6B319CD572F8157DB9FCCDDF9734309A27AC485CD1D4B36D81CSecurity Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to one-time password bypass (CVE-2023-43045)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
24.4%
Summary
IBM Sterling Partner Engagement Manager has addressed a reflected one-time password bypass vulnerability.
Vulnerability Details
CVEID:CVE-2023-43045
**DESCRIPTION:**IBM Sterling Partner Engagement Manager could allow a remote user to perform unauthorized actions due to improper authentication.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.1.2, 6.2.0, 6.2.2 |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.1.2, 6.2.0, 6.2.2 |
Remediation/Fixes
| Product | Version(s) | Remediation/Fix/Instructions |
|---|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.1.2, 6.2.0, 6.2.2 | Download 6.2.2.1.2 and follow installation instructions |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.1.2, 6.2.0, 6.2.2 | Download 6.2.2.1.2 and follow installation instructions |
Workarounds and Mitigations
None
Affected configurations
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
24.4%