CVE-2022-34334

CWE-3843 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 73.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Partner Engagement Manager

Timeline

PublishedOct 10

Latest updateOct 11

Description

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/sterling_partner_engagement_manager2.0, 6.1+1

▶NVDibm/sterling_partner_engagement_manager2.0, 6.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w37x-68hw-2gcg: IBM Sterling Partner Engagement Manager 2↗2022-10-11

▶

CVEList

CVE-2022-34334: IBM Sterling Partner Engagement Manager 2↗2022-10-10

▶