NEWS T3 24 SECURITY NEWS. IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting

Summary

IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability.

 

Vulnerability Details

CVEID: CVE-2022-38749
Description: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Source: CVE.org
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

Product: IBM Sterling Partner Engagement Manager Essentials Edition
Version: 6.1.*, 6.2.*
Fixed-in Version(s)/Remediation/Fix: Download 6.1.2.10, Download 6.2.3.2

Workarounds and Mitigations

None.
