CVE-2022-34348XML External Entity (XXE) Injection in IBM Sterling Partner Engagement Manager

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 38.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling Partner Engagement ManagerIBM Partner Engagement Manager
Timeline
PublishedSep 23
Latest updateSep 25

Description

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-xg7c-263c-79vp: IBM Sterling Partner Engagement Manager 62022-09-25
CVEList
CVE-2022-34348: IBM Sterling Partner Engagement Manager 62022-09-23
CVE-2022-34348 — XML External Entity (XXE) Injection | cvebase