Ibm: >> Sterling Partner Engagement Manager >> 6.1 Security Vulnerabilities
IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.
CVSS Score
6.3
EPSS Score
0.0
Published
2022-10-10
IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-09-23
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-07-26