Skip to main content

Partner Engagement Manager

5 CVEs product

Monthly

CVE-2022-34354 LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-22332 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22331 HIGH PATCH This Week

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2022-22328 MEDIUM PATCH This Month

IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2021-29781 CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE Partner Engagement Manager
NVD
CVSS 3.1
9.8
EPSS
2.9%
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Partner Engagement Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Partner Engagement Manager
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization IBM RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy