Insecure Direct Object Vulnerability in IBM Sterling Partner Engagement Manager
CVE-2022-22331
5.4MEDIUM
Summary
An insecure direct object reference vulnerability exists in IBM Sterling Partner Engagement Manager 6.2.0, which could enable a remote authenticated attacker to access sensitive information or alter user details. This security flaw arises from improper validation of user input, potentially exposing critical data and allowing unauthorized modification.
Affected Version(s)
SterlingPartner Engagement Manager 6.2.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved