T3 2024 Sterling PEM is vulnerable to cross-site scripting

Integration News

IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting

Summary

IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability.

 

Vulnerability Details

CVEID: CVE-2022-38749
Description: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Source: CVE.org
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

| Product | Affected Version | Remediation/Fix/Instructions |
|---|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.1.*, 6.2.* | Download 6.1.2.10, Download 6.2.3.2 |

Workarounds and Mitigations

None.
