Ibm Sterling Partner Engagement Manager On Cloud vulnerabilities
6 known vulnerabilities affecting ibm/sterling_partner_engagement_manager_on_cloud.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-35639HIGHCVSS 7.5v22.22022-07-26
CVE-2022-35639 [HIGH] CVE-2022-35639: IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connec
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.
cvelistv5nvd
CVE-2022-22360HIGHCVSS 8.8v22.22022-07-19
CVE-2022-22360 [HIGH] CWE-74 CVE-2022-22360: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authent
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.
cvelistv5nvd
CVE-2022-22358HIGHCVSS 7.1v22.22022-07-19
CVE-2022-22358 [HIGH] CWE-611 CVE-2022-22358: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML Exte
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.
cvelistv5nvd
CVE-2022-22359MEDIUMCVSS 6.5v22.22022-07-19
CVE-2022-22359 [MEDIUM] CWE-352 CVE-2022-22359: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.
cvelistv5nvd
CVE-2022-22417MEDIUMCVSS 5.4v22.22022-07-19
CVE-2022-22417 [MEDIUM] CWE-79 CVE-2022-22417: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.
cvelistv5nvd
CVE-2022-22416MEDIUMCVSS 5.4v22.22022-07-19
CVE-2022-22416 [MEDIUM] CWE-918 CVE-2022-22416: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.
cvelistv5nvd