CVE-2022-22331

Published: Apr 1, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 219130.

Affected (1)

Products: Ibm: Partner Engagement Manager

Ibm

1 product

Partner Engagement Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Partner Engagement Manager	Version 6.2.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/219130

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6568299

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/219130

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6568299

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.