IBM Sterling Partner Engagement Manager
By the Year
In 2024 there have been 0 vulnerabilities in IBM Sterling Partner Engagement Manager . Last year Sterling Partner Engagement Manager had 2 security vulnerabilities published. Right now, Sterling Partner Engagement Manager is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.45 |
| 2022 | 2 | 6.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Sterling Partner Engagement Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Sterling Partner Engagement Manager Security Vulnerabilities
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could
CVE-2023-43045
7.5 - High
- October 23, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.
Missing Authentication for Critical Function
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting
CVE-2023-38722
5.4 - Medium
- October 23, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.
XSS
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could
CVE-2022-34334
6.5 - Medium
- October 10, 2022
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.
Session Fixation
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data
CVE-2022-34348
7.1 - High
- September 23, 2022
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Sterling Partner Engagement Manager or by IBM? Click the Watch button to subscribe.
