IBM Sterling Partner Engagement Manager vulnerable to Cross-Site Scripting
CVE-2023-28517

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling Partner Engagement Manager
Vendor: CVE Published:; 13 March 2024

Summary

The vulnerability in IBM Sterling Partner Engagement Manager affects versions 6.1.2, 6.2.0, and 6.2.2, enabling cross-site scripting (XSS) attacks. This flaw permits users to inject arbitrary JavaScript code into the Web UI, which can circumvent intended security measures. The exploit may result in unauthorized access to sensitive information, including credentials, during a trusted session. Mitigating this vulnerability is crucial to protecting user data and maintaining the integrity of the application.

Affected Version(s)

Sterling Partner Engagement Manager 6.1.2, 6.2.0, 6.2.2

References

https://www.ibm.com/support/pages/node/7138575

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/250421

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Mar 16, 2023