CVE-2022-22360Injection in IBM Partner Engagement Manager

CWE-74Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.2%
top 21.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IBM Partner Engagement ManagerIBM Sterling Partner Engagement ManagerIBM Sterling Partner Engagement Manager ON Cloud+1 more
Timeline
PublishedJul 19
Latest updateJul 20

Description

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDibm/partner_engagement_manager6.1.26.1.2.5+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4pr4-pf4q-cm77: IBM Sterling Partner Engagement Manager 62022-07-20
CVEList
CVE-2022-22360: IBM Sterling Partner Engagement Manager 62022-07-19
CVE-2022-22360 — Injection in IBM | cvebase