XML External Entity Injection Vulnerability in IBM Sterling Partner Engagement Manager
CVE-2022-34348

7.1HIGH

Key Information:

Vendor: IBM
Status: Partner Engagement Manager
Vendor: CVE Published:; 23 September 2022

Summary

The IBM Sterling Partner Engagement Manager 6.1 is susceptible to an XML External Entity Injection (XXE) attack due to improper handling of XML data. This vulnerability allows a remote attacker to exploit the system, potentially leading to the unauthorized exposure of sensitive information and excessive consumption of memory resources, which could disrupt operations.

Affected Version(s)

Partner Engagement Manager 6.1

References

https://www.ibm.com/support/pages/node/6695927

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/230017

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2022
Vulnerability Reserved
Jun 23, 2022