Ibm Partner Engagement Manager On Cloud Saas vulnerabilities

5 known vulnerabilities affecting ibm/partner_engagement_manager_on_cloud_saas.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2022-22358HIGHCVSS 7.1v22.22022-07-19
CVE-2022-22358 [HIGH] CWE-611 CVE-2022-22358: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML Exte IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.
nvd
CVE-2022-22360HIGHCVSS 8.8v22.22022-07-19
CVE-2022-22360 [HIGH] CWE-74 CVE-2022-22360: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authent IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.
nvd
CVE-2022-22417MEDIUMCVSS 5.4v22.22022-07-19
CVE-2022-22417 [MEDIUM] CWE-79 CVE-2022-22417: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.
nvd
CVE-2022-22359MEDIUMCVSS 6.5v22.22022-07-19
CVE-2022-22359 [MEDIUM] CWE-352 CVE-2022-22359: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.
nvd
CVE-2022-22416MEDIUMCVSS 5.4v22.22022-07-19
CVE-2022-22416 [MEDIUM] CWE-918 CVE-2022-22416: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.
nvd