CVE-2022-34334

Опубликовано: 10 окт. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

EPSS Низкий

Описание

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/229704
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6828097
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/229704
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6828097
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:sterling_partner_engagement_manager:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-w37x-68hw-2gcg

CVSS3: 6.5

github

больше 3 лет назад

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

EPSS

Процентиль: 27%

0.00097

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-384