Lucene search

IBMEBD3F48736247935A3764958E2CE311D433AE8548F6B8C1144BF493064A2319A

HistoryMar 12, 2024 - 5:51 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting (CVE-2023-28517)

2024-03-1217:51:32

www.ibm.com

ibm sterling partner engagement manager

cross-site scripting

cve-2023-28517

vulnerability

cvss

6.2.2

6.1.2

6.2.0

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary

IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability.

Vulnerability Details

CVEID:CVE-2023-28517
**DESCRIPTION:**IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250421 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Partner Engagement Manager	6.2.2
IBM Sterling Partner Engagement Manager	6.1.2
IBM Sterling Partner Engagement Manager	6.2.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Product	Version	Remediation
IBM Sterling Partner Engagement Manager Essentials Edition	6.2.2.2	Link
IBM Sterling Partner Engagement Manager Standard Edition	6.2.2.2	Link
IBM Sterling Partner Engagement Manager Essentials Edition	6.1.2.9	Link
IBM Sterling Partner Engagement Manager Standard Edition	6.1.2.9	Link
IBM Sterling Partner Engagement Manager Essentials Edition	6.2.0.7	Link
IBM Sterling Partner Engagement Manager Standard Edition	6.2.0.7	Link

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmulti-enterprise_integration_gatewayMatch6.2.2.2

ibmmulti-enterprise_integration_gatewayMatch6.1.2.9

ibmmulti-enterprise_integration_gatewayMatch6.2.0.7

CPENameOperatorVersion
multi-enterprise relationship managementeq6.2.2.2
multi-enterprise relationship managementeq6.1.2.9
multi-enterprise relationship managementeq6.2.0.7

Name	Operator	Version
multi-enterprise relationship management	eq	6.2.2.2
multi-enterprise relationship management	eq	6.1.2.9
multi-enterprise relationship management	eq	6.2.0.7