Jun 05, 2024 - 12:08 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

2024-06-05 12:08:17
www.ibm.com

AI Score: 6 Medium (Confidence: Low)

EPSS: 0 Low (Percentile: 0.0%)

Summary

IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2022-35718
**DESCRIPTION:** IBM Sterling Partner Engagement Manager stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231369 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
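
The exposure path named in the description (URLs recorded in server logs and Referer headers) can be audited on the defender's side. The following is an added example, not IBM's code or part of the bulletin: it scans access log lines in Combined Log Format for sensitive-looking query parameters in the request URL and the Referer field and redacts their values. The parameter-name pattern, host name and log lines are constructed assumptions, since the bulletin does not name the affected parameters.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed name pattern; the bulletin does not list the affected parameters.
SENSITIVE = re.compile(r"pass(word|wd)?|token|secret|session|api[_-]?key|auth", re.I)

# Combined Log Format: "<METHOD> <target> <proto>" <status> <size> "<referer>"
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def redact_url(url):
    """Return (url with sensitive values replaced, names of parameters redacted)."""
    parts = urlsplit(url)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value and SENSITIVE.search(name):
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def audit_line(line):
    """Return (redacted log line, [(field, parameter_name), ...])."""
    m = LINE.search(line)
    if not m:
        return line, []
    findings, out = [], line
    for field in ("target", "referer"):   # both places a URL can be recorded
        redacted, hits = redact_url(m.group(field))
        findings += [(field, name) for name in hits]
        if hits:
            out = out.replace(m.group(field), redacted)
    return out, findings

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /app/login?user=alice&password=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /static/logo.png HTTP/1.1" 200 1024 "https://pem.example.test/app/home?sessionToken=abc123&tab=1" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /app/partners?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, found = audit_line(raw)
        print(found, clean, sep="\n  ")
```

The second sample line shows why the Referer field matters: the request itself is for a static file, yet the log still captures the parameter from the page that linked to it.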

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Sterling Partner Engagement Manager Essential and Standard Editions | 6.2.3 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) | Remediation/Fix/Instructions |
| --- | --- | --- |
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3 | Download and apply 6.2.3.1 |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.3 | Download and apply 6.2.3.1 |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm multi-enterprise_integration_gateway, Match 6.2.3.1
