CVE-2022-35639

3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager ON Cloud

Timeline

PublishedJul 26

Latest updateJul 27

Description

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/sterling_partner_engagement_manager_on_cloud22.2

▶NVDibm/sterling_partner_engagement_manager_on_cloud22.2

▶NVDibm/sterling_partner_engagement_manager6.1 — 6.1.2.5+1

▶CVEListV5ibm/sterling_partner_engagement_manager6.1, 6.2+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-g4qp-7gv5-8gq3: IBM Sterling Partner Engagement Manager 6↗2022-07-27

▶

CVEList

CVE-2022-35639: IBM Sterling Partner Engagement Manager 6↗2022-07-26

▶