Lucene search

K
ibmIBM43D189034742AFDBA97C60C95ED92A12F537D1C8AAE14A136CC4A601508E6470
HistoryJan 10, 2023 - 10:47 a.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM® SDK, Java™ Technology Edition ( CVE-2022-21541, CVE-2022-21540 )

2023-01-1010:47:33
www.ibm.com
13

0.001 Low

EPSS

Percentile

49.5%

Summary

IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update.

Vulnerability Details

CVEID:CVE-2022-21541
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231568 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-21540
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231567 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, 6.2.1

Remediation/Fixes

Product Version Remediation
IBM Sterling Partner Engagement Manager Essentials Edition 6.1.2.7 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.1.2.7&source=SAR
IBM Sterling Partner Engagement Manager Standard Edition 6.1.2.7 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.7&source=SAR
IBM Sterling Partner Engagement Manager Essentials Edition 6.2.0.5 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.0.5&source=SAR
IBM Sterling Partner Engagement Manager Standard Edition 6.2.0.5 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.0.5&source=SAR
IBM Sterling Partner Engagement Manager Essentials Edition 6.2.1.2 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.2.1.2&source=SAR
IBM Sterling Partner Engagement Manager Standard Edition 6.2.1.2 https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.1.2&source=SAR

Workarounds and Mitigations

None