Vulnerabilities > IBM > Sterling Partner Engagement Manager > 6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-10 | CVE-2022-34334 | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1 IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-09-23 | CVE-2022-34348 | XXE vulnerability in IBM Sterling Partner Engagement Manager 6.1/6.1.2/6.2.1.0 IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2022-07-26 | CVE-2022-35639 | Unspecified vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. | 7.5 |