IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities.
CVEID:CVE-2022-35718
**DESCRIPTION:**IBM Sterling Partner Engagement Manager stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231369 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Partner Engagement Manager Essential and Standard Editions | 6.2.3 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
BM Sterling Partner Engagement Manager Essentials Edition | 6.2.3 |
Download and apply 6.2.3.1
IBM Sterling Partner Engagement Manager Standard Edition| 6.2.3|
Download and apply 6.2.3.1
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | multi-enterprise_integration_gateway | 6.2.3.1 | cpe:2.3:a:ibm:multi-enterprise_integration_gateway:6.2.3.1:*:*:*:*:*:*:* |