User Impersonation Vulnerability in IBM Sterling Partner Engagement Manager
CVE-2022-22332
5.6 MEDIUM
Summary
IBM Sterling Partner Engagement Manager 6.2.0 is vulnerable to a user impersonation issue that allows attackers to bypass authentication mechanisms. The vulnerability stems from a missing revocation process for JSON Web Tokens (JWT), which could let unauthorized users assume the identity of legitimate accounts, compromising sensitive data and potentially leading to unauthorized actions within the system. Organizations using this product should implement measures to mitigate the risk.
Affected Version(s)
Sterling Partner Engagement Manager 6.2.0
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved