Vulnerabilities > IBM > Sterling Partner Engagement Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2022-35640 Unspecified vulnerability in IBM Sterling Partner Engagement Manager 6.2.2
IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned.
local
low complexity
ibm
5.5
2023-10-23 CVE-2023-38722 Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.2
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-06-08 CVE-2023-23480 Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-06-08 CVE-2023-23481 Cross-site Scripting vulnerability in IBM Sterling Partner Engagement Manager
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-01-11 CVE-2022-34335 Resource Exhaustion vulnerability in IBM Sterling Partner Engagement Manager 6.1.2/6.2.0/6.2.1
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service.
network
low complexity
ibm CWE-400
6.5
2022-10-10 CVE-2022-34334 Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
6.5