CVE-2022-22358
- EPSS 0.42%
- Published 19.07.2022 17:15:08
- Last modified 21.11.2024 06:46:41
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or con...
CVE-2022-22359
- EPSS 0.08%
- Published 19.07.2022 17:15:08
- Last modified 21.11.2024 06:46:41
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-For...
CVE-2022-22360
- EPSS 1.17%
- Published 19.07.2022 17:15:08
- Last modified 21.11.2024 06:46:41
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in i...
CVE-2022-22416
- EPSS 0.1%
- Published 19.07.2022 17:15:08
- Last modified 21.11.2024 06:46:46
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumer...
CVE-2022-22417
- EPSS 0.12%
- Published 19.07.2022 17:15:08
- Last modified 21.11.2024 06:46:46
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...