cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35640,https://securityvulnerability.io/vulnerability/CVE-2022-35640,IBM Sterling Partner Engagement Manager information disclosure,"An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager 6.2.2, which may allow a local attacker to retrieve sensitive information. When detailed technical error messages are returned, they may inadvertently disclose data that could be leveraged for unauthorized actions. Organizations using affected versions should assess their exposure and implement necessary mitigations to safeguard against potential exploitation.",IBM,Sterling Partner Engagement Manager,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2023-28517,https://securityvulnerability.io/vulnerability/CVE-2023-28517,IBM Sterling Partner Engagement Manager vulnerable to Cross-Site Scripting,"The vulnerability in IBM Sterling Partner Engagement Manager affects versions 6.1.2, 6.2.0, and 6.2.2, enabling cross-site scripting (XSS) attacks. This flaw permits users to inject arbitrary JavaScript code into the Web UI, which can circumvent intended security measures. The exploit may result in unauthorized access to sensitive information, including credentials, during a trusted session. Mitigating this vulnerability is crucial to protecting user data and maintaining the integrity of the application.",IBM,Sterling Partner Engagement Manager,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-13T09:14:01.863Z,0
CVE-2023-43045,https://securityvulnerability.io/vulnerability/CVE-2023-43045,IBM Sterling Partner Engagement Manager security bypass,"IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.",IBM,Sterling Partner Engagement Manager,5.9,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2023-10-23T18:15:00.000Z,0
CVE-2023-38722,https://securityvulnerability.io/vulnerability/CVE-2023-38722,IBM Sterling Partner Engagement Manager cross-site scripting,"IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.",IBM,Sterling Partner Engagement Manager,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-10-23T18:15:00.000Z,0
CVE-2023-23482,https://securityvulnerability.io/vulnerability/CVE-2023-23482,IBM Sterling Partner Engagement Manager clickjacking,"IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1 are susceptible to a click hijacking vulnerability. This issue allows a remote attacker to manipulate a victim’s interactions with their web browser. By enticing the victim to visit a malicious site, an attacker can hijack click actions, potentially leading to further attacks or unauthorized actions on behalf of the victim. It is crucial for users to remain vigilant and apply recommended updates to mitigate this risk.",IBM,Sterling Partner Engagement Manager,9.6,CRITICAL,0.0016199999954551458,false,,false,false,false,,,false,false,,2023-06-08T02:15:00.000Z,0
CVE-2023-23481,https://securityvulnerability.io/vulnerability/CVE-2023-23481,IBM Sterling Partner Engagement Manager cross-site scripting,"IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.",IBM,Sterling Partner Engagement Manager,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-06-08T02:15:00.000Z,0
CVE-2023-23480,https://securityvulnerability.io/vulnerability/CVE-2023-23480,IBM Sterling Partner Engagement Manager cross-site scripting,"IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.",IBM,Sterling Partner Engagement Manager,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-06-08T02:15:00.000Z,0
CVE-2022-40615,https://securityvulnerability.io/vulnerability/CVE-2022-40615,IBM Sterling Partner Engagement Manager SQL injection,"IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.",IBM,Sterling Partner Engagement Manager,6.3,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2023-01-11T16:48:43.176Z,0
CVE-2022-34335,https://securityvulnerability.io/vulnerability/CVE-2022-34335,IBM Sterling Partner Engagement Manager denial of service,"IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.",IBM,Sterling Partner Engagement Manager,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2023-01-11T16:42:28.168Z,0
CVE-2022-34334,https://securityvulnerability.io/vulnerability/CVE-2022-34334,Session Fixation Vulnerability in IBM Sterling Partner Engagement Manager,"The IBM Sterling Partner Engagement Manager 2.0 has a session fixation vulnerability that allows an authenticated user to continue their session even after logout, potentially enabling them to impersonate another user within the system. This security flaw poses risks to user confidentiality and system integrity, as it undermines proper session management protocols.",IBM,Sterling Partner Engagement Manager,6.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2022-10-10T21:15:00.000Z,0
CVE-2022-35639,https://securityvulnerability.io/vulnerability/CVE-2022-35639,Denial of Service Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and Cloud 22.2 exhibit a vulnerability that allows for the length of connections to remain unregulated. This oversight may lead to scenarios where the server becomes unresponsive, significantly affecting service availability. Organizations leveraging these versions must be aware of this potential risk and take appropriate measures to secure their systems.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-07-26T15:15:00.000Z,0
CVE-2022-22417,https://securityvulnerability.io/vulnerability/CVE-2022-22417,Cross-Site Scripting Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This defect can compromise the integrity of user sessions, allowing an attacker to execute malicious scripts within the context of a trusted user, potentially leading to unauthorized access to sensitive information and credentials. Users are encouraged to evaluate their version for mitigation steps.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22360,https://securityvulnerability.io/vulnerability/CVE-2022-22360,LDAP Injection Vulnerability in IBM Sterling Partner Engagement Manager,"A vulnerability in IBM Sterling Partner Engagement Manager allows remote authenticated attackers to perform LDAP injection. By crafting specific requests, attackers can manipulate LDAP queries, potentially gaining unauthorized access to sensitive resources. Affected versions include 6.1.2, 6.2, and Cloud/SaaS 22.2 platforms. Organizations utilizing these versions should assess their security posture and implement necessary mitigations.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22416,https://securityvulnerability.io/vulnerability/CVE-2022-22416,Server-Side Request Forgery in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are prone to a server-side request forgery (SSRF) vulnerability. This allows an authenticated attacker to initiate unauthorized requests from the affected system, which can lead to information disclosure, network enumeration, and facilitate further attacks within the network. Proper patching and configuration are essential to mitigate this risk.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22358,https://securityvulnerability.io/vulnerability/CVE-2022-22358,XML External Entity Injection Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 have a significant vulnerability due to XML External Entity Injection (XXE) flaws in their XML data processing. This can allow remote attackers to exploit the system, potentially leading to exposure of sensitive information and excessive memory consumption. Organizations using these versions should prioritize security upgrades to mitigate the associated risks.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.1,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22359,https://securityvulnerability.io/vulnerability/CVE-2022-22359,Cross-Site Request Forgery Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows attackers to exploit the trust a web application has in a user, potentially enabling them to execute unauthorized actions without the user's consent. Exploiting this vulnerability can lead to critical security breaches if sensitive actions are performed on behalf of authenticated users.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",4.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22332,https://securityvulnerability.io/vulnerability/CVE-2022-22332,User Impersonation Vulnerability in IBM Sterling Partner Engagement Manager,"The IBM Sterling Partner Engagement Manager 6.2.0 is vulnerable to a user impersonation issue, allowing attackers to bypass authentication mechanisms. This vulnerability stems from a missing revocation process for JSON Web Tokens (JWT), which could let unauthorized users assume the identity of legitimate accounts, thus compromising sensitive data and potentially leading to unauthorized actions within the system. Organizations utilizing this product should implement necessary measures to mitigate risk.",IBM,Sterling Partner Engagement Manager,5.6,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2022-04-01T17:15:00.000Z,0