Server side request forgery (ssrf)

2022-07-1917:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.

CPENameOperatorVersion
partner_engagement_managerge6.2.0
partner_engagement_managerlt6.2.0.3
partner_engagement_managerge6.2.0
partner_engagement_managerlt6.2.0.3
partner_engagement_managerge6.1.2
partner_engagement_managerlt6.1.2.5
partner_engagement_managerge6.1.2
partner_engagement_managerlt6.1.2.5
partner_engagement_manager_on_cloud\\/saaseq22.2

Name	Operator	Version
partner_engagement_manager	ge	6.2.0
partner_engagement_manager	lt	6.2.0.3
partner_engagement_manager	ge	6.2.0
partner_engagement_manager	lt	6.2.0.3
partner_engagement_manager	ge	6.1.2
partner_engagement_manager	lt	6.1.2.5
partner_engagement_manager	ge	6.1.2
partner_engagement_manager	lt	6.1.2.5
partner_engagement_manager_on_cloud\\/saas	eq	22.2