Vulnerabilities > CVE-2022-22332 - Operation on a Resource after Expiration or Release vulnerability in IBM Partner Engagement Manager 6.2.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
ibm
CWE-672

Summary

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.

Vulnerable Configurations

Part Description Count
Application
Ibm
1