What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2022-22358.

What is the severity of CVE-2022-22358?

The severity of CVE-2022-22358 is high with a CVSS score of 7.1.

What is the affected software for CVE-2022-22358?

The affected software for CVE-2022-22358 is IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2.

How does CVE-2022-22358 impact the affected software?

CVE-2022-22358 allows a remote attacker to exploit the vulnerability and expose sensitive information or consume memory resources.

Is there a patch available to fix CVE-2022-22358?

Yes, there are patches available to fix CVE-2022-22358. Please refer to the IBM Support pages for more information.

Vulnerability/
CVE-2022-22358

high

7.1

CWE

611

4/7/2022

18/7/2022

3/8/2024

CVE-2022-22358: XEE

First published: Mon Jul 04 2022(Updated: )

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Partner Engagement Manager	>=6.1.2<6.1.2.5
IBM Partner Engagement Manager	>=6.1.2<6.1.2.5
IBM Partner Engagement Manager	>=6.2.0<6.2.0.3
IBM Partner Engagement Manager	>=6.2.0<6.2.0.3
Ibm Partner Engagement Manager On Cloud\/saas	=22.2
	<=6.1.2
	<=6.1.2
	<=6.2
	<=6.2
	<=22.2

Remedy

https://www.ibm.com/support/pages/node/6604993

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6604993

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-22358.
What is the severity of CVE-2022-22358?
The severity of CVE-2022-22358 is high with a CVSS score of 7.1.
What is the affected software for CVE-2022-22358?
The affected software for CVE-2022-22358 is IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2.
How does CVE-2022-22358 impact the affected software?
CVE-2022-22358 allows a remote attacker to exploit the vulnerability and expose sensitive information or consume memory resources.
Is there a patch available to fix CVE-2022-22358?
Yes, there are patches available to fix CVE-2022-22358. Please refer to the IBM Support pages for more information.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/remedy
agent/last-modified-date
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm partner engagement manager
version/ibm partner engagement manager/6.1.2
version/ibm partner engagement manager/6.2.0
canonical/ibm partner engagement manager on cloud\/saas
version/ibm partner engagement manager on cloud\/saas/22.2
canonical/ibm sterling partner engagement manager essentials edition
version/ibm sterling partner engagement manager essentials edition/6.1.2
canonical/ibm sterling partner engagement manager standard edition
version/ibm sterling partner engagement manager standard edition/6.1.2
version/ibm sterling partner engagement manager essentials edition/6.2
version/ibm sterling partner engagement manager standard edition/6.2
canonical/ibm sterling partner engagement manager on cloud / saas
version/ibm sterling partner engagement manager on cloud / saas/22.2