CVE-2022-40615

2023-01-1117:15:09

CWE-89

[email protected]

web.nvd.nist.gov

ibm

sterling partner

sql injection

remote attacker

database

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.

Affected configurations

Nvd

Node

ibmsterling_partner_engagement_managerMatch6.1.2standard

ibmsterling_partner_engagement_managerMatch6.2.0standard

ibmsterling_partner_engagement_managerMatch6.2.1standard

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
ibmsterling_partner_engagement_manager6.1.2cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:*
ibmsterling_partner_engagement_manager6.2.0cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*
ibmsterling_partner_engagement_manager6.2.1cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.1:*:*:*:standard:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_partner_engagement_manager	6.1.2	cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2::::standard:::
ibm	sterling_partner_engagement_manager	6.2.0	cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0::::standard:::
ibm	sterling_partner_engagement_manager	6.2.1	cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.1::::standard:::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*