Описание
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*
EPSS
Процентиль: 47%
0.00238
Низкий
5.6 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-672
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
EPSS
Процентиль: 47%
0.00238
Низкий
5.6 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-672