Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Sterling Partner Engagement Manager on Cloud by IBM

    CVE-2022-35639 (GCVE-0-2022-35639)

    Vulnerability from nvd – Published: 2022-07-26 14:25 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Date Public
    2022-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:36:44.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6606969"
              },
              {
                "name": "ibm-sterling-cve202235639-dos (230932)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/UI:N/A:H/AV:N/S:U/I:N/AC:L/C:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-26T14:25:39.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6606969"
            },
            {
              "name": "ibm-sterling-cve202235639-dos (230932)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-25T00:00:00",
              "ID": "CVE-2022-35639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6606969",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6606969 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6606969"
                },
                {
                  "name": "ibm-sterling-cve202235639-dos (230932)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-35639",
        "datePublished": "2022-07-26T14:25:39.449Z",
        "dateReserved": "2022-07-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:50.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22417 (GCVE-0-2022-22417)

    Vulnerability from nvd – Published: 2022-07-19 16:25 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604991"
              },
              {
                "name": "ibm-sterling-cve202222417-xss (223127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:L/S:C/A:N/I:L/AC:L/AV:N/PR:L/UI:R/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:23.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604991"
            },
            {
              "name": "ibm-sterling-cve202222417-xss (223127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22417",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604991",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604991 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604991"
                },
                {
                  "name": "ibm-sterling-cve202222417-xss (223127)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22417",
        "datePublished": "2022-07-19T16:25:23.938Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:38.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22416 (GCVE-0-2022-22416)

    Vulnerability from nvd – Published: 2022-07-19 16:25 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604989"
              },
              {
                "name": "ibm-sterling-cve202222416-ssrf (223126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/C:L/S:U/A:N/I:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:22.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604989"
            },
            {
              "name": "ibm-sterling-cve202222416-ssrf (223126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22416",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604989",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604989 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604989"
                },
                {
                  "name": "ibm-sterling-cve202222416-ssrf (223126)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22416",
        "datePublished": "2022-07-19T16:25:22.492Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:43.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22360 (GCVE-0-2022-22360)

    Vulnerability from nvd – Published: 2022-07-19 16:25 – Updated: 2024-09-17 03:07
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604995"
              },
              {
                "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:L/AV:N/UI:N/I:H/AC:H/A:H/S:U/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604995"
            },
            {
              "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22360",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604995",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604995 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604995"
                },
                {
                  "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22360",
        "datePublished": "2022-07-19T16:25:20.916Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:59.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22359 (GCVE-0-2022-22359)

    Vulnerability from nvd – Published: 2022-07-19 16:25 – Updated: 2024-09-16 20:12
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604987"
              },
              {
                "name": "ibm-sterling-cve202222359-csrf (220652)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/AC:L/A:N/S:U/C:N/UI:R/PR:N/AV:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604987"
            },
            {
              "name": "ibm-sterling-cve202222359-csrf (220652)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22359",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604987",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604987 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604987"
                },
                {
                  "name": "ibm-sterling-cve202222359-csrf (220652)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22359",
        "datePublished": "2022-07-19T16:25:19.483Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:32.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22358 (GCVE-0-2022-22358)

    Vulnerability from nvd – Published: 2022-07-19 16:25 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604993"
              },
              {
                "name": "ibm-sterling-cve202222358-xxe (220651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/AV:N/AC:L/I:N/A:L/S:U/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604993"
            },
            {
              "name": "ibm-sterling-cve202222358-xxe (220651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604993",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604993 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604993"
                },
                {
                  "name": "ibm-sterling-cve202222358-xxe (220651)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22358",
        "datePublished": "2022-07-19T16:25:17.821Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:34.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35639 (GCVE-0-2022-35639)

    Vulnerability from cvelistv5 – Published: 2022-07-26 14:25 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Date Public
    2022-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:36:44.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6606969"
              },
              {
                "name": "ibm-sterling-cve202235639-dos (230932)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.1"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/UI:N/A:H/AV:N/S:U/I:N/AC:L/C:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-26T14:25:39.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6606969"
            },
            {
              "name": "ibm-sterling-cve202235639-dos (230932)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-25T00:00:00",
              "ID": "CVE-2022-35639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "6.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6606969",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6606969 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6606969"
                },
                {
                  "name": "ibm-sterling-cve202235639-dos (230932)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230932"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-35639",
        "datePublished": "2022-07-26T14:25:39.449Z",
        "dateReserved": "2022-07-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:50.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22417 (GCVE-0-2022-22417)

    Vulnerability from cvelistv5 – Published: 2022-07-19 16:25 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604991"
              },
              {
                "name": "ibm-sterling-cve202222417-xss (223127)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:L/S:C/A:N/I:L/AC:L/AV:N/PR:L/UI:R/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:23.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604991"
            },
            {
              "name": "ibm-sterling-cve202222417-xss (223127)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22417",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604991",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604991 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604991"
                },
                {
                  "name": "ibm-sterling-cve202222417-xss (223127)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223127"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22417",
        "datePublished": "2022-07-19T16:25:23.938Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:38.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22416 (GCVE-0-2022-22416)

    Vulnerability from cvelistv5 – Published: 2022-07-19 16:25 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604989"
              },
              {
                "name": "ibm-sterling-cve202222416-ssrf (223126)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/C:L/S:U/A:N/I:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:22.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604989"
            },
            {
              "name": "ibm-sterling-cve202222416-ssrf (223126)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22416",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604989",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604989 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604989"
                },
                {
                  "name": "ibm-sterling-cve202222416-ssrf (223126)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/223126"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22416",
        "datePublished": "2022-07-19T16:25:22.492Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:43.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22360 (GCVE-0-2022-22360)

    Vulnerability from cvelistv5 – Published: 2022-07-19 16:25 – Updated: 2024-09-17 03:07
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604995"
              },
              {
                "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:L/AV:N/UI:N/I:H/AC:H/A:H/S:U/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604995"
            },
            {
              "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22360",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604995",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604995 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604995"
                },
                {
                  "name": "ibm-sterling-cve202222360-ldap-injection (220782)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220782"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22360",
        "datePublished": "2022-07-19T16:25:20.916Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:59.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22359 (GCVE-0-2022-22359)

    Vulnerability from cvelistv5 – Published: 2022-07-19 16:25 – Updated: 2024-09-16 20:12
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604987"
              },
              {
                "name": "ibm-sterling-cve202222359-csrf (220652)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/I:L/AC:L/A:N/S:U/C:N/UI:R/PR:N/AV:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:19.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604987"
            },
            {
              "name": "ibm-sterling-cve202222359-csrf (220652)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22359",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604987",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604987 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604987"
                },
                {
                  "name": "ibm-sterling-cve202222359-csrf (220652)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22359",
        "datePublished": "2022-07-19T16:25:19.483Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:32.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22358 (GCVE-0-2022-22358)

    Vulnerability from cvelistv5 – Published: 2022-07-19 16:25 – Updated: 2024-09-17 01:06
    VLAI
    Summary
    IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Date Public
    2022-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6604993"
              },
              {
                "name": "ibm-sterling-cve202222358-xxe (220651)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sterling Partner Engagement Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.2"
                },
                {
                  "status": "affected",
                  "version": "6.2"
                }
              ]
            },
            {
              "product": "Sterling Partner Engagement Manager on Cloud",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/AV:N/AC:L/I:N/A:L/S:U/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-19T16:25:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6604993"
            },
            {
              "name": "ibm-sterling-cve202222358-xxe (220651)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-18T00:00:00",
              "ID": "CVE-2022-22358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sterling Partner Engagement Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.1.2"
                              },
                              {
                                "version_value": "6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Sterling Partner Engagement Manager on Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6604993",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6604993 (Sterling Partner Engagement Manager)",
                  "url": "https://www.ibm.com/support/pages/node/6604993"
                },
                {
                  "name": "ibm-sterling-cve202222358-xxe (220651)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220651"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22358",
        "datePublished": "2022-07-19T16:25:17.821Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:06:34.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }