Vulnerabilities > IBM > Sterling Partner Engagement Manager

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-07-16 | CVE-2022-35640 | Information Exposure Through an Error Message vulnerability in IBM Sterling Partner Engagement Manager 6.2.2 | IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. | local | low complexity | ibm CWE-209 | 5.5 |
| 2023-10-23 | CVE-2023-38722 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. | network | low complexity | ibm CWE-79 | 5.4 |
| 2023-10-23 | CVE-2023-43045 | Missing Authentication for Critical Function vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. | network | low complexity | ibm CWE-306 | 7.5 |
| 2023-06-08 | CVE-2023-23480 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. | network | low complexity | ibm CWE-79 | 5.4 |
| 2023-06-08 | CVE-2023-23481 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. | network | low complexity | ibm CWE-79 | 5.4 |
| 2023-06-08 | CVE-2023-23482 | Unspecified vulnerability in IBM Sterling Partner Engagement Manager | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. | network | low complexity | ibm | critical 9.6 |
| 2023-01-11 | CVE-2022-34335 | Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. | network | low complexity | ibm CWE-400 | 6.5 |
| 2023-01-11 | CVE-2022-40615 | SQL Injection vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. | network | low complexity | ibm CWE-89 | critical 9.8 |
| 2022-10-10 | CVE-2022-34334 | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1 | IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | network | low complexity | ibm CWE-384 | 6.5 |
| 2022-09-23 | CVE-2022-34348 | XXE vulnerability in IBM Sterling Partner Engagement Manager 6.1/6.1.2/6.2.1.0 | IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm CWE-611 | 7.1 |