CVE-2022-34348

Sažetak

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/230017
https://www.ibm.com/support/pages/node/6695927
https://exchange.xforce.ibmcloud.com/vulnerabilities/230017
https://www.ibm.com/support/pages/node/6695927

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	LOW

CVSS vektor

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Zadnje važnije ažuriranje

22-05-2025 - 20:15

Objavljeno

23-09-2022 - 18:15