History: Apr 06, 2023 - 10:17 p.m.

Security Bulletin: Privilege Escalation vulnerability

Published: 2023-04-06 22:17:57
Source: www.ibm.com
Tags: ibm sterling order management, privilege escalation, authorization check, data tampering

Aggregator CVSS3 rating: 8.1 High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: High; Availability Impact: None)

EPSS: 0.001 (Low), percentile 39.8%

Note: the 8.1 rating above is the aggregator's own score. IBM's bulletin below rates CVE-2022-33959 at a base score of 5.4 with a CVSS 3.0 vector of C:L/I:L; the two do not agree, so check the IBM X-Force entry for the vendor's current score before prioritising.

Summary

An attacker or malicious user can tamper with data sent in form fields to execute restricted functions, manipulate stored data, or alter the application workflow. The web application does not perform, or incorrectly performs, an authorization check when a user attempts to access a resource or perform an action.
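The bulletin describes the vulnerability class only, not the affected code path, so the following is an added, constructed example and not IBM Sterling Order Management code. It shows the pattern the summary describes: a handler whose ownership check is made against an identity the client supplies in the form (so any logged-in user can act on behalf of another user), beside a handler that binds the acting principal to the server-side session and authorizes against that. The order store, user names, role table and the `cancel_order_*` handler names are all assumptions for illustration.

```python
"""Tampered form field vs. server-side authorization (constructed example).

Not IBM Sterling Order Management code: the only link to the bulletin is the
vulnerability class, an action taken on behalf of another user because the
server authorizes against a client-supplied identity instead of the session.
"""
from copy import deepcopy
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the server refuses an action."""


# Constructed sample data: two customers each own one order; "ops" holds a
# CSR role that is allowed to act on any order.
SEED_ORDERS = {
    "ORD-1001": {"owner": "alice", "status": "NEW"},
    "ORD-2002": {"owner": "bob", "status": "NEW"},
}
ROLES = {"alice": {"customer"}, "bob": {"customer"}, "ops": {"customer", "csr"}}


def fresh_store() -> dict:
    """Independent copy of the seed data so each call starts clean."""
    return deepcopy(SEED_ORDERS)


@dataclass
class Request:
    session_user: str                          # principal bound at login by the server
    form: dict = field(default_factory=dict)   # POST body, fully client-controlled


def cancel_order_vulnerable(store: dict, req: Request) -> str:
    """Authorizes against a form field the client can rewrite.

    An ownership check exists, but it compares the order owner with
    'acting_user' taken from the form, so a logged-in user can act as anyone.
    """
    acting_user = req.form["acting_user"]
    order = store[req.form["order_id"]]
    if order["owner"] != acting_user:
        raise Forbidden("not your order")
    order["status"] = "CANCELLED"
    return order["status"]


def cancel_order_fixed(store: dict, req: Request) -> str:
    """Derives the principal from the session and authorizes server-side."""
    acting_user = req.session_user             # identity is never read from the form
    order = store.get(str(req.form.get("order_id", "")))
    if order is None:
        raise Forbidden("not authorized")      # same answer as a real denial
    is_owner = order["owner"] == acting_user
    is_csr = "csr" in ROLES.get(acting_user, set())
    if not (is_owner or is_csr):
        raise Forbidden("not authorized")
    order["status"] = "CANCELLED"
    return order["status"]


def tampered_request() -> Request:
    """bob is logged in but submits acting_user=alice to cancel Alice's order."""
    return Request(session_user="bob",
                   form={"acting_user": "alice", "order_id": "ORD-1001"})


def outcome(handler) -> tuple:
    """Run one handler on the tampered request; return (result, ORD-1001 status)."""
    store = fresh_store()
    try:
        result = handler(store, tampered_request())
    except Forbidden:
        result = "DENIED"
    return result, store["ORD-1001"]["status"]


if __name__ == "__main__":
    print("vulnerable:", outcome(cancel_order_vulnerable))  # ('CANCELLED', 'CANCELLED')
    print("fixed:     ", outcome(cancel_order_fixed))       # ('DENIED', 'NEW')
```

The fixed handler returns the same "not authorized" answer for a missing order and for someone else's order, so a tampering attempt cannot be used to enumerate valid order IDs either. The check to carry into a real review is the one in the vulnerable handler: any authorization decision that reads the subject's identity from a request parameter rather than from the authenticated session is bypassable regardless of how strict the comparison looks.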

Vulnerability Details

CVE ID: CVE-2022-33959
**DESCRIPTION:** IBM Sterling Order Management could allow a user to bypass validation and perform unauthorized actions on behalf of other users.
CVSS Base score: 5.4
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/229320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s): IBM Sterling Order Management
Version(s): 10.0

Remediation/Fixes

Certified containers release notes: https://www.ibm.com/docs/en/order-management-sw/10.0?topic=new-in-certified-containers

Order Management on premise release notes: https://www.ibm.com/docs/en/order-management-sw/10.0?topic=new-in-certified-containers

Fix Central Link (FP details URL):
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR

Workarounds and Mitigations

None

Affected configurations

Aggregator match: ibm sterling_order_management, version 10.0
CPE name: ibm sterling order management; operator: eq; version: 10.0
