Sterling Partner Engagement Manager@6.1.2 Security Vulnerabilities and Issues — Sterling Partner Engagement Manager@6.1.2 CVE List

Lucene search

IbmSterling Partner Engagement Manager6.1.2

10 matches found

CVE•added 2022/07/19 5:15 p.m.•58 views

CVE-2022-22359

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

6.5CVSS6.4AI score0.00128EPSS

CVE•added 2022/07/19 5:15 p.m.•57 views

CVE-2022-22360

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. ...

8.8CVSS8.3AI score0.00903EPSS

CVE•added 2023/10/23 6:15 p.m.•57 views

CVE-2023-38722

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

6.4CVSS5.3AI score0.00058EPSS

CVE•added 2022/07/19 5:15 p.m.•55 views

CVE-2022-22358

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.

7.1CVSS6.8AI score0.00636EPSS

CVE•added 2023/10/23 6:15 p.m.•53 views

CVE-2023-43045

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

7.5CVSS6.3AI score0.0003EPSS

CVE•added 2022/07/19 5:15 p.m.•52 views

CVE-2022-22416

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ...

5.4CVSS5.3AI score0.0018EPSS

CVE•added 2022/07/19 5:15 p.m.•52 views

CVE-2022-22417

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

5.4CVSS5.2AI score0.00213EPSS

CVE•added 2023/01/11 5:15 p.m.•48 views

CVE-2022-40615

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.

9.8CVSS7.9AI score0.00082EPSS

CVE•added 2023/01/11 5:15 p.m.•40 views

CVE-2022-34335

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

6.5CVSS6.3AI score0.00075EPSS

CVE•added 2024/03/13 10:15 a.m.•27 views

CVE-2023-28517

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...

5.4CVSS5.2AI score0.0004EPSS