CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38722 – IBM Sterling Partner Engagement Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38722
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0 y 6.2.2 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262174 https://www.ibm.com/support/pages/node/7057407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43045 – IBM Sterling Partner Engagement Manager security bypass
https://notcve.org/view.php?id=CVE-2023-43045
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0 y 6.2.2 podrían permitir que un usuario remoto realice acciones no autorizadas debido a una autenticación incorrecta. ID de IBM X-Force: 266896. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266896 https://www.ibm.com/support/pages/node/7057409 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23480 – IBM Sterling Partner Engagement Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23480
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245885 https://www.ibm.com/support/pages/node/7001563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23481 – IBM Sterling Partner Engagement Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2023-23481
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 es vulnerable a Cross-Site Scripting Almacenado. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario a la interfaz de usuario web, lo que altera la funcionalidad prevista y puede conducir a la divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245889 https://www.ibm.com/support/pages/node/7001561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23482 – IBM Sterling Partner Engagement Manager clickjacking
https://notcve.org/view.php?id=CVE-2023-23482
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891. IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y, posiblemente, lanzar más ataques contra ella. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245891 https://www.ibm.com/support/pages/node/7001569 •