Cross-Site Request Forgery Vulnerability in IBM Sterling Partner Engagement Manager
CVE-2022-22359

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Sterling Partner Engagement Manager On Cloud; Sterling Partner Engagement Manager
Vendor: CVE Published:; 19 July 2022

What is CVE-2022-22359?

IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2 are susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows attackers to exploit the trust a web application has in a user, potentially enabling them to execute unauthorized actions without the user's consent. Exploiting this vulnerability can lead to critical security breaches if sensitive actions are performed on behalf of authenticated users.

Affected Version(s)

Sterling Partner Engagement Manager 6.1.2

Sterling Partner Engagement Manager 6.2

Sterling Partner Engagement Manager on Cloud 22.2

References

https://www.ibm.com/support/pages/node/6604987

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/220652

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jan 3, 2022