Lucene search

IbmCVELIST:CVE-2022-22358

HistoryJul 19, 2022 - 4:25 p.m.

CVE-2022-22358

2022-07-1916:25:17

ibm

www.cve.org

ibm

sterling partner

xml external entity injection

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.

CNA Affected

[
  {
    "product": "Sterling Partner Engagement Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.2"
      },
      {
        "status": "affected",
        "version": "6.2"
      }
    ]
  },
  {
    "product": "Sterling Partner Engagement Manager on Cloud",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "22.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/220651

www.ibm.com/support/pages/node/6604993

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Related for CVELIST:CVE-2022-22358