Vulnerabilities > IBM > Sterling Partner Engagement Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2022-35640 | Information Exposure Through an Error Message vulnerability in IBM Sterling Partner Engagement Manager 6.2.2 IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. | 5.5 |
| 2023-10-23 | CVE-2023-38722 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-06-08 | CVE-2023-23480 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. | 5.4 |
| 2023-06-08 | CVE-2023-23481 | Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. | 5.4 |
| 2023-01-11 | CVE-2022-34335 | Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. | 6.5 |
| 2022-10-10 | CVE-2022-34334 | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1 IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |