CVE-2022-22359 - OpenCVE

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Partner Engagement Manager On Cloud\/saas Partner Engagement Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:partner_engagement_manager:::::standard:::*
	cpe:2.3:a:ibm:partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:partner_engagement_manager:::::standard:::*
	cpe:2.3:a:ibm:partner_engagement_manager_on_cloud\/saas:22.2:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/220652	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6604987	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-07-18T00:00:00

Updated: 2022-07-19T16:25:19

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22359

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-19T17:15:08.200

Modified: 2022-07-27T07:07:49.947

Link: CVE-2022-22359

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "Sterling Partner Engagement Manager on Cloud", "vendor": "IBM", "versions": [{"status": "affected", "version": "22.2"}]}, {"product": "Sterling Partner Engagement Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "6.1.2"}, {"status": "affected", "version": "6.2"}]}], "datePublic": "2022-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/I:L/AC:L/A:N/S:U/C:N/UI:R/PR:N/AV:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-19T16:25:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6604987"}, {"name": "ibm-sterling-cve202222359-csrf (220652)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-18T00:00:00", "ID": "CVE-2022-22359", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sterling Partner Engagement Manager on Cloud", "version": {"version_data": [{"version_value": "22.2"}]}}, {"product_name": "Sterling Partner Engagement Manager", "version": {"version_data": [{"version_value": "6.1.2"}, {"version_value": "6.2"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6604987", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6604987 (Sterling Partner Engagement Manager)", "url": "https://www.ibm.com/support/pages/node/6604987"}, {"name": "ibm-sterling-cve202222359-csrf (220652)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22359", "datePublished": "2022-07-18T00:00:00", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2022-07-19T16:25:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:partner_engagement_manager:*:*:*:*:essentials:*:*:*", "matchCriteriaId": "0CB97978-7CB6-4919-BC4A-E820A5D9ED2D", "versionEndExcluding": "6.1.2.5", "versionStartIncluding": "6.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:partner_engagement_manager:*:*:*:*:standard:*:*:*", "matchCriteriaId": "E7F85D79-448A-4C07-B956-AA756FAF3CCA", "versionEndExcluding": "6.1.2.5", "versionStartIncluding": "6.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:partner_engagement_manager:*:*:*:*:essentials:*:*:*", "matchCriteriaId": "CAAE663A-14C9-4A2A-8F13-AD2AE3F459CF", "versionEndExcluding": "6.2.0.3", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:partner_engagement_manager:*:*:*:*:standard:*:*:*", "matchCriteriaId": "A81120A3-7FF9-4C21-879B-DBD6ACEB973C", "versionEndExcluding": "6.2.0.3", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:partner_engagement_manager_on_cloud\\/saas:22.2:*:*:*:*:*:*:*", "matchCriteriaId": "212AA8DE-AAF0-4B73-8AF2-C17DD168897E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652."}, {"lang": "es", "value": "IBM Sterling Partner Engagement Manager versiones 6.1.2, 6.2 y Cloud/SasS versi\u00f3n 22.2 es vulnerable a la falsificaci\u00f3n de peticiones entre sitios, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que conf\u00eda el sitio web. IBM X-Force ID: 220652."}], "id": "CVE-2022-22359", "lastModified": "2022-07-27T07:07:49.947", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-19T17:15:08.200", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220652"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6604987"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}