Jul 15, 2024 - 7:39 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Improper Error Handling.

2024-07-15 19:39:29
www.ibm.com
4
ibm sterling partner engagement manager
improper error handling
log message disclosure
vulnerability
cve-2022-35640
remediation
download instructions

CVSS3: 4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 5.7
Confidence: High

EPSS: 0
Percentile: 9.3%

Summary

IBM Sterling Partner Engagement Manager has resolved an improper error handling issue. The fix prevents the disclosure of log messages containing implementation details.

Vulnerability Details

**CVEID:** CVE-2022-35640
**DESCRIPTION:** IBM Sterling Partner Engagement Manager could allow a local attacker to obtain sensitive information when a detailed technical error message is returned.
CVSS Base score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/230933 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| PEM | 6.2.2 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product | Version(s) | Remediation/Fix/Instructions |
| --- | --- | --- |
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.1 | Download 6.2.3.1 and follow installation instructions |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.3.1 | Download 6.2.3.1 and follow installation instructions |

Workarounds and Mitigations

None

Affected configurations

Vulners node:

- ibm sterling_partner_engagement_manager, match 6.2.2
- OR ibm sterling_partner_engagement_manager, match 6.2.0
- OR ibm sterling_partner_engagement_manager, match 6.1.2

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | sterling_partner_engagement_manager | 6.2.2 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:*:*:*:* |
| ibm | sterling_partner_engagement_manager | 6.2.0 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:*:*:*:* |
| ibm | sterling_partner_engagement_manager | 6.1.2 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:*:*:*:* |
