Lucene search

IBM3BC7D10AC0A6C1297266B5F42B9C9192F08B3134DB56F7CDBDE03C90CF076256

HistoryMar 12, 2024 - 5:41 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low availability impacts due to Java SE (CVE-2023-22036)

2024-03-1217:41:33

www.ibm.com

ibm sterling

partner engagement manager

java se

cve-2023-22036

low availability

upgrading

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.0%

JSON

Summary

IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-22036
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Partner Engagement Manager	6.2.2
IBM Sterling Partner Engagement Manager	6.1.2
IBM Sterling Partner Engagement Manager	6.2.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Product

| Version|Remediation
—|—|—
IBM Sterling Partner Engagement Manager Essentials Edition| 6.2.2.2| Link
IBM Sterling Partner Engagement Manager Standard Edition| 6.2.2.2| Link
IBM Sterling Partner Engagement Manager Essentials Edition| 6.1.2.9| Link
IBM Sterling Partner Engagement Manager Standard Edition| 6.1.2.9| Link
IBM Sterling Partner Engagement Manager Essentials Edition| 6.2.0.7| Link
IBM Sterling Partner Engagement Manager Standard Edition| 6.2.0.7| Link

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmulti-enterprise_integration_gatewayMatch6.2.2.2

ibmmulti-enterprise_integration_gatewayMatch6.1.2.9

ibmmulti-enterprise_integration_gatewayMatch6.2.0.7

CPENameOperatorVersion
multi-enterprise relationship managementeq6.2.2.2
multi-enterprise relationship managementeq6.1.2.9
multi-enterprise relationship managementeq6.2.0.7