Insecure Direct Object Vulnerability in IBM Sterling Partner Engagement Manager
CVE-2022-22331

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterlingpartner Engagement Manager
Vendor: CVE Published:; 31 March 2022

What is CVE-2022-22331?

An insecure direct object reference vulnerability exists in IBM Sterling Partner Engagement Manager 6.2.0, which could enable a remote authenticated attacker to access sensitive information or alter user details. This security flaw arises from improper validation of user input, potentially exposing critical data and allowing unauthorized modification.

Affected Version(s)

SterlingPartner Engagement Manager 6.2.0

References

https://www.ibm.com/support/pages/node/6568299

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/219130

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Jan 3, 2022