Lucene search

IbmVULNRICHMENT:CVE-2022-35640

HistoryJul 16, 2024 - 11:05 p.m.

CVE-2022-35640 IBM Sterling Partner Engagement Manager information disclosure

2024-07-1623:05:39

CWE-209

ibm

github.com

ibm

sterling partner engagement manager

information disclosure

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:essentials:*:*:*"
    ],
    "vendor": "IBM",
    "product": "Sterling Partner Engagement Manager",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/230933

www.ibm.com/support/pages/node/7160300

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-35640