
CVSS: 9.6 | EPSS: 0% | CPEs: 7 | EXPL: 0

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/245891
• https://www.ibm.com/support/pages/node/7001569

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/236208
• https://www.ibm.com/support/pages/node/6854333
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources, which could lead to a denial of service. IBM X-Force ID: 229705.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229705
• https://www.ibm.com/support/pages/node/6854331
• CWE-400: Uncontrolled Resource Consumption

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Sterling Partner Engagement Manager 2.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229704
• https://www.ibm.com/support/pages/node/6828097
• CWE-384: Session Fixation

CVSS: 7.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/230017
• https://www.ibm.com/support/pages/node/6695927
• CWE-611: Improper Restriction of XML External Entity Reference