CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001 Low (Percentile: 39.8%)
An attacker or malicious user can tamper with data sent in form fields to execute restricted functions, manipulate stored data, or alter the application workflow. The web application does not perform, or incorrectly performs, an authorization check when a user attempts to access a resource or perform an action.
CVEID: CVE-2022-33959
**DESCRIPTION:** IBM Sterling Order Management could allow a user to bypass validation and perform unauthorized actions on behalf of other users.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Order Management | 10.0 |
<https://www.ibm.com/docs/en/order-management-sw/10.0?topic=new-in-certified-containers>
Order Management on premise release notes - <https://www.ibm.com/docs/en/order-management-sw/10.0?topic=new-in-certified-containers>
Fix Central Link (FP details URL):
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Selling+and+Fulfillment+Foundation&fixids=10.0.0.0-Sterling-SSFF-All-fp29-Installer&source=SAR
None
CPE:

Name | Operator | Version |
---|---|---|
ibm sterling order management | eq | 10.0 |