IBM Sterling Partner Engagement Manager could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVEID:CVE-2021-29781
**DESCRIPTION:**IBM Sterling Partner Engagement Manager could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203091 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Partner Engagement Manager | 2.0 |
Product | Version | Link |
---|---|---|
Partner Engagement Manager Essentials Edition | 6.1.2.1 | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Essentials_6.1.2.1&source=SAR&function=fixId&parent=ibm/Other%20software |
Partner Engagement Manager Standard Edition | 6.1.2.1 | https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Sterling+Partner+Engagement+Manager+Software&fixids=IBM_PEM_Standard_6.1.2.1&source=SAR&function=fixId&parent=ibm/Other%20software |
Partner Engagement Manager on Cloud / SaaS | 21.3.1 | us.icr.io/gold/pem:21.3.1 |
None