Vulnerabilities > IBM > Sterling Partner Engagement Manager > 6.1

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-34334 Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
6.5
2022-09-23 CVE-2022-34348 XXE vulnerability in IBM Sterling Partner Engagement Manager 6.1/6.1.2/6.2.1.0
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2022-07-26 CVE-2022-35639 Unspecified vulnerability in IBM products
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive.
network
low complexity
ibm
7.5