Security Bulletin: Apache Shiro (Publicly disclosed vulnerability) Affects IBM Partner Engagement Manager (CVE-2022-32532)
Summary IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass...