CVE-2022-34335 — Uncontrolled Resource Consumption in IBM Sterling Partner Engagement Manager

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Partner Engagement Manager

Timeline

PublishedJan 11

Description

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/sterling_partner_engagement_manager6.1.2, 6.2.0, 6.2.1

▶NVDibm/sterling_partner_engagement_manager6.1.2, 6.2.0, 6.2.1+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rpf3-74p4-xxxj: IBM Sterling Partner Engagement Manager 6↗2023-01-11

▶

CVEList

IBM Sterling Partner Engagement Manager denial of service↗2023-01-11

▶