Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2022-40615
HistoryJan 11, 2023 - 5:15 p.m.

CVE-2022-40615

2023-01-1117:15:09
CWE-89
ibm
web.nvd.nist.gov
33
ibm
sterling partner
engagement manager
sql injection
vulnerability
security
nvd
cve-2022-40615

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.

Affected configurations

Nvd
Vulners
Node
ibmsterling_partner_engagement_managerMatch6.1.2standard
OR
ibmsterling_partner_engagement_managerMatch6.2.0standard
OR
ibmsterling_partner_engagement_managerMatch6.2.1standard
AND
linuxlinux_kernelMatch-
VendorProductVersionCPE
ibmsterling_partner_engagement_manager6.1.2cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:*
ibmsterling_partner_engagement_manager6.2.0cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*
ibmsterling_partner_engagement_manager6.2.1cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.1:*:*:*:standard:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sterling Partner Engagement Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.2, 6.2.0, 6.2.1"
      }
    ]
  }
]

Related

prion 1
cvelist 1
cnvd 1
ibm 1
nvd 1
prion
prion
Sql injection
2023-01-11 17:15:00
cvelist
cvelist
CVE-2022-40615 IBM Sterling Partner Engagement Manager SQL injection
2023-01-11 16:48:43
cnvd
cnvd
IBM Sterling Partner Engagement Manager SQL Injection Vulnerability
2023-01-14 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection attack (CVE-2022-40615)
2023-01-10 10:45:16
nvd
nvd
CVE-2022-40615
2023-01-11 17:15:09

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON
Related for CVE-2022-40615
prion1cvelist1cnvd1ibm1nvd1