News T3 2024 IBM Sterling PEM is vulnerable to cross-site scripting


IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting

Summary

IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability.

 

Vulnerability Details

CVEID: CVE-2022-38749
Description: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Source: CVE.org
CVSS Base score: 3.3
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

Product: IBM Sterling Partner Engagement Manager Essentials Edition
Version: 6.1.*, 6.2.*
Fixed-in Version(s)/Remediation/Fix: Download 6.1.2.10, Download 6.2.3.2

Workarounds and Mitigations

None.
