Vulnerabilities > IBM > Partner Engagement Manager ON Cloud Saas

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-22358 XXE vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2022-07-19 CVE-2022-22359 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
6.5
2022-07-19 CVE-2022-22360 Injection vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2022-07-19 CVE-2022-22416 Server-Side Request Forgery (SSRF) vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2022-07-19 CVE-2022-22417 Cross-site Scripting vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4