Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF8602E1C3B9435C4A0B738387786534FEDC1E41370E52CF2BC9BD07BB1203C4A
HistoryJan 10, 2023 - 10:42 a.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service (CVE-2022-34335)

2023-01-1010:42:37
www.ibm.com
16
ibm sterling partner engagement manager
vulnerability
denial of service
pcm apis
authenticated user
exhaust server resources
fix
versions 6.1.2.7
6.2.0.5
6.2.1.2

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.2%

JSON

Summary

IBM Sterling Partner Engagement Manager has addressed a vulnerablity in the PCM APIs.

Vulnerability Details

CVEID:CVE-2022-34335
**DESCRIPTION:**IBM Sterling Partner Engagement Manager could allow a an authenticated user to exhaust server resources which could lead to a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Partner Engagement Manager Standard 6.1.2, 6.2.0, 6.2.1

Remediation/Fixes

Product Version Remediation
IBM Sterling Partner Engagement Manager Standard Edition 6.1.2.7 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.7&source=SAR
IBM Sterling Partner Engagement Manager Standard Edition 6.2.0.5 http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.0.5&source=SAR
IBM Sterling Partner Engagement Manager Standard Edition 6.2.1.2 https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.2.1.2&source=SAR

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmulti-enterprise_integration_gatewayMatch6.1
OR
ibmmulti-enterprise_integration_gatewayMatch6.2
OR
ibmmulti-enterprise_integration_gatewayMatch6.2.1

Related

cve 1
nvd 1
cnvd 1
prion 1
cvelist 1
cve
cve
CVE-2022-34335
2023-01-11 17:15:09
nvd
nvd
CVE-2022-34335
2023-01-11 17:15:09
cnvd
cnvd
IBM Sterling Partner Engagement Manager Denial of Service Vulnerability
2023-01-14 00:00:00
prion
prion
Code injection
2023-01-11 17:15:00
cvelist
cvelist
CVE-2022-34335 IBM Sterling Partner Engagement Manager denial of service
2023-01-11 16:42:28

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.2%

JSON
Related for F8602E1C3B9435C4A0B738387786534FEDC1E41370E52CF2BC9BD07BB1203C4A
cve1nvd1cnvd1prion1cvelist1