Ibm

Sterling Partner Engagement Manager

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-33093

  • EPSS 0.03%
  • Published 07.05.2025 11:15:52
  • Last modified 20.08.2025 02:38:21

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.

5.5

CVE-2022-35640

  • EPSS 0.02%
  • Published 16.07.2024 23:15:10
  • Last modified 21.11.2024 07:11:25

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

5.4

CVE-2023-28517

  • EPSS 0.06%
  • Published 13.03.2024 10:15:06
  • Last modified 22.01.2025 18:40:49

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

7.5

CVE-2023-43045

  • EPSS 0.03%
  • Published 23.10.2023 18:15:10
  • Last modified 21.11.2024 08:23:39

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

5.4

CVE-2023-38722

  • EPSS 0.06%
  • Published 23.10.2023 18:15:09
  • Last modified 21.11.2024 08:14:07

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

5.4

CVE-2023-23480

  • EPSS 0.14%
  • Published 08.06.2023 02:15:09
  • Last modified 21.11.2024 07:46:16

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden...

5.4

CVE-2023-23481

  • EPSS 0.14%
  • Published 08.06.2023 02:15:09
  • Last modified 21.11.2024 07:46:16

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

9.6

CVE-2023-23482

  • EPSS 0.05%
  • Published 08.06.2023 02:15:09
  • Last modified 21.11.2024 07:46:16

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack ...

6.5

CVE-2022-34335

  • EPSS 0.09%
  • Published 11.01.2023 17:15:09
  • Last modified 21.11.2024 07:09:19

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.

9.8

CVE-2022-40615

  • EPSS 0.1%
  • Published 11.01.2023 17:15:09
  • Last modified 21.11.2024 07:21:43

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end data...