IBM7233B4316CE91F698318C8C7F8B218403D13168148486721106D9D7F391D4EBDSecurity Bulletin: De-serialization Vulnerability Affects IBM Partner Engagement Manager (CVE-2021-29781)
EPSS
Percentile
83.3%
Summary
IBM Sterling Partner Engagement Manager could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Vulnerability Details
CVEID:CVE-2021-29781
**DESCRIPTION:**IBM Sterling Partner Engagement Manager could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203091 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Partner Engagement Manager | 2.0 |
Remediation/Fixes
| Product | Version | Link |
|---|---|---|
| Partner Engagement Manager Essentials Edition | 6.1.2.1 | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.1.2.1&source=SAR&function=fixId&parent=ibm/Other%20software |
| Partner Engagement Manager Standard Edition | 6.1.2.1 | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.1&source=SAR&function=fixId&parent=ibm/Other%20software |
| Partner Engagement Manager on Cloud / SaaS | 21.3.1 | us.icr.io/gold/pem:21.3.1 |
Workarounds and Mitigations
None
Related
EPSS
Percentile
83.3%