IBM Sterling Partner Engagement Manager clickjacking
CVE-2023-23482

9.6CRITICAL

Key Information:

Vendor: IBM
Status: Sterling Partner Engagement Manager
Vendor: CVE Published:; 8 June 2023

What is CVE-2023-23482?

IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1 are susceptible to a click hijacking vulnerability. This issue allows a remote attacker to manipulate a victim’s interactions with their web browser. By enticing the victim to visit a malicious site, an attacker can hijack click actions, potentially leading to further attacks or unauthorized actions on behalf of the victim. It is crucial for users to remain vigilant and apply recommended updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sterling Partner Engagement Manager 6.1, 6.2, 6.2.1

References

https://www.ibm.com/support/pages/node/7001569

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/245891

vdb-entry

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 8, 2023
Vulnerability Reserved
Jan 12, 2023

JSON

IBM

What is CVE-2023-23482?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.