cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35639,https://securityvulnerability.io/vulnerability/CVE-2022-35639,Denial of Service Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and Cloud 22.2 exhibit a vulnerability that allows for the length of connections to remain unregulated. This oversight may lead to scenarios where the server becomes unresponsive, significantly affecting service availability. Organizations leveraging these versions must be aware of this potential risk and take appropriate measures to secure their systems.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-07-26T15:15:00.000Z,0
CVE-2022-22358,https://securityvulnerability.io/vulnerability/CVE-2022-22358,XML External Entity Injection Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 have a significant vulnerability due to XML External Entity Injection (XXE) flaws in their XML data processing. This can allow remote attackers to exploit the system, potentially leading to exposure of sensitive information and excessive memory consumption. Organizations using these versions should prioritize security upgrades to mitigate the associated risks.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.1,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22360,https://securityvulnerability.io/vulnerability/CVE-2022-22360,LDAP Injection Vulnerability in IBM Sterling Partner Engagement Manager,"A vulnerability in IBM Sterling Partner Engagement Manager allows remote authenticated attackers to perform LDAP injection. By crafting specific requests, attackers can manipulate LDAP queries, potentially gaining unauthorized access to sensitive resources. Affected versions include 6.1.2, 6.2, and Cloud/SaaS 22.2 platforms. Organizations utilizing these versions should assess their security posture and implement necessary mitigations.",IBM,"Sterling Partner Engagement Manager,Sterling Partner Engagement Manager On Cloud",7.5,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22416,https://securityvulnerability.io/vulnerability/CVE-2022-22416,Server-Side Request Forgery in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are prone to a server-side request forgery (SSRF) vulnerability. This allows an authenticated attacker to initiate unauthorized requests from the affected system, which can lead to information disclosure, network enumeration, and facilitate further attacks within the network. Proper patching and configuration are essential to mitigate this risk.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22417,https://securityvulnerability.io/vulnerability/CVE-2022-22417,Cross-Site Scripting Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This defect can compromise the integrity of user sessions, allowing an attacker to execute malicious scripts within the context of a trusted user, potentially leading to unauthorized access to sensitive information and credentials. Users are encouraged to evaluate their version for mitigation steps.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0
CVE-2022-22359,https://securityvulnerability.io/vulnerability/CVE-2022-22359,Cross-Site Request Forgery Vulnerability in IBM Sterling Partner Engagement Manager,"IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows attackers to exploit the trust a web application has in a user, potentially enabling them to execute unauthorized actions without the user's consent. Exploiting this vulnerability can lead to critical security breaches if sensitive actions are performed on behalf of authenticated users.",IBM,"Sterling Partner Engagement Manager On Cloud,Sterling Partner Engagement Manager",4.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2022-07-19T17:15:00.000Z,0