Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIbmCVE-2023-23482
HistoryJun 08, 2023 - 2:15 a.m.

CVE-2023-23482

2023-06-0802:15:09
ibm
web.nvd.nist.gov
28
ibm
sterling partner
engagement manager
remote attack
click hijacking
vulnerability
cve-2023-23482
nvd
ibm x-force

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.

Affected configurations

Nvd
Vulners
Node
linuxlinux_kernelMatch-
AND
ibmsterling_partner_engagement_managerRange6.1.26.1.2.8essentials
OR
ibmsterling_partner_engagement_managerRange6.1.26.1.2.8standard
OR
ibmsterling_partner_engagement_managerRange6.2.06.2.0.6essentials
OR
ibmsterling_partner_engagement_managerRange6.2.06.2.0.6standard
OR
ibmsterling_partner_engagement_managerRange6.2.16.2.1.3essentials
OR
ibmsterling_partner_engagement_managerRange6.2.16.2.1.3standard
VendorProductVersionCPE
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
ibmsterling_partner_engagement_manager*cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*
ibmsterling_partner_engagement_manager*cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sterling Partner Engagement Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1, 6.2, 6.2.1"
      }
    ]
  }
]

Related

ibm 1
cvelist 1
prion 1
nvd 1
ibm
ibm
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to clickjacking (CVE-2023-23482)
2023-06-08 19:32:38
cvelist
cvelist
CVE-2023-23482 IBM Sterling Partner Engagement Manager clickjacking
2023-06-08 01:09:18
prion
prion
Design/Logic Flaw
2023-06-08 02:15:00
nvd
nvd
CVE-2023-23482
2023-06-08 02:15:09

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON
Related for CVE-2023-23482
ibm1cvelist1prion1nvd1