IBM Sterling Partner Engagement Manager clickjacking
CVE-2023-23482

9.6CRITICAL

Key Information:

Vendor: IBM
Status: Sterling Partner Engagement Manager
Vendor: CVE Published:; 8 June 2023

What is CVE-2023-23482?

IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1 are susceptible to a click hijacking vulnerability. This issue allows a remote attacker to manipulate a victim’s interactions with their web browser. By enticing the victim to visit a malicious site, an attacker can hijack click actions, potentially leading to further attacks or unauthorized actions on behalf of the victim. It is crucial for users to remain vigilant and apply recommended updates to mitigate this risk.

Affected Version(s)

Sterling Partner Engagement Manager 6.1, 6.2, 6.2.1

References

https://www.ibm.com/support/pages/node/7001569

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/245891

vdb-entry

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2023
Vulnerability Reserved
Jan 12, 2023