16 matches found
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component.
Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial o...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to high confidentiality impacts due to Java SE (CVE-2023-22041)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22041 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by no...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to one-time password bypass (CVE-2023-43045)
Summary IBM Sterling Partner Engagement Manager has addressed a reflected one-time password bypass vulnerability. Vulnerability Details CVEID: CVE-2023-43045 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote user to perform unauthorized actions due to improper...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting (CVE-2023-38722)
Summary IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2023-38722 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to stored cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to clickjacking (CVE-2023-23482)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability of missing X-Frame-Options Header which leads to Clickjacking. Vulnerability Details CVEID:CVE-2023-23482 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote attacker to hijack the clicking action ...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to org.glassfish.jersey.core_jersey-common
Summary IBM Sterling Partner Engagement Manager has addressed the vulnerability mentioned in the CVE by updating to the latest versions of libraries. Vulnerability Details IBM X-Force ID: 230016 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure vulnerability due to org.glassfish.jersey.core_jersey-common (CVE-2021-28168)
Summary IBM Sterling Partner Engagement Manager has addressed the vulnerability mentioned in the CVE by updating to the latest versions of libraries. Vulnerability Details CVEID:CVE-2021-28168 DESCRIPTION: Eclipse Jersey could allow a local attacker to obtain sensitive information, caused by use of the...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to security bypass due to Spring Security (CVE-2022-31692)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in Spring Security. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM® SDK, Java™ Technology Edition (CVE-2022-21541, CVE-2022-21540)
Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection attack (CVE-2022-40615)
Summary IBM Sterling Partner Engagement Manager has addressed a SQL injection vulnerability. Vulnerability Details CVEID:CVE-2022-40615 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to sshd-core (CVE-2021-30129)
Summary IBM Sterling Partner Engagement Manager has addressed a vulnerability in sshd-core. Vulnerability Details CVEID:CVE-2021-30129 DESCRIPTION: Apache Mina SSHD is vulnerable to a denial of service, caused by an OutOfMemory flaw in the SFTP and port forwarding features in sshd-core. By sending...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to VMware Tanzu Spring Framework (CVE-2022-22971)
Summary IBM Sterling Partner Engagement Manager uses VMware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: VMware Tanzu Spring Framework ...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection (CVE-2022-22360)
Summary IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22360 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote authenticated attacker to conduct an LDAP injection. By using a...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site request forgery (CVE-2022-22359)
Summary IBM Sterling Partner Engagement Manager could allow a remote attacker to enable Cross-Site Request Forgery (CSRF) on the system, caused by a parameter from a user request. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22359 DESCRIPTION: IBM Sterling Partner Engagement...