PT-2026-25346
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...
CVE-2022-35640
IBM Sterling Partner Engagement Manager 6.2.2 is affected by an information disclosure vulnerability caused by improper error handling that can reveal detailed internal error messages to a local attacker. Affected product: IBM Sterling Partner Engagement Manager (PEM) and its editions (Essentials...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)
Summary: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2022-35718. DESCRIPTION: IBM Sterling Partner Engagement Manager stores sensitive information in URL...
CVE-2023-43045
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896...
Authentication flaw
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896...
CVE-2023-38722 IBM Sterling Partner Engagement Manager cross-site scripting
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2023-23482
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
Design/Logic Flaw
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
CVE-2023-23481 IBM Sterling Partner Engagement Manager cross-site scripting
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...
CVE-2023-23482
CVE-2023-23482 affects IBM Sterling Partner Engagement Manager (Essential/Standard) versions 6.1, 6.2, and 6.2.1. The issue enables a remote attacker to hijack a user’s click actions (clickjacking) by persuading the victim to visit a malicious site, with potential for adjacent or follow-on attack...
CVE-2023-23482 IBM Sterling Partner Engagement Manager clickjacking
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch...
IBM Sterling Partner Engagement Manager cross-site scripting vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Partner Engagement Manager. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI. Affected...
CVE-2022-40615
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208...
SQL injection
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208...
CVE-2022-40615
IBM Sterling Partner Engagement Manager is vulnerable to SQL injection in versions 6.1.2, 6.2.0, and 6.2.1 due to improper validation of externally entered SQL statements. The issue could allow a remote attacker to view, add, modify, or delete data in the back-end database. Remediation provided b...
CVE-2022-40615 IBM Sterling Partner Engagement Manager SQL injection
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208...
CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...
CVE-2022-34334
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704...
CVE-2022-34348
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017...
CVE-2022-22358
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651...