CVE-2023-23482

3 documents3 sources

Severity

9.6CRITICAL

EPSS

0.1%

top 78.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Partner Engagement Manager

Timeline

PublishedJun 8

Description

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/sterling_partner_engagement_manager6.1.2 — 6.1.2.8+2

▶CVEListV5ibm/sterling_partner_engagement_manager6.1, 6.2, 6.2.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Sterling Partner Engagement Manager clickjacking↗2023-06-08

▶

GHSA

GHSA-mh5j-645v-337g: IBM Sterling Partner Engagement Manager 6↗2023-06-08

▶