What is CVE-2022-22416?

CVE-2022-22416 refers to a vulnerability in IBM Sterling Partner Engagement Manager that allows an authenticated attacker to perform server-side request forgery (SSRF) attacks.

How does CVE-2022-22416 affect IBM Sterling Partner Engagement Manager?

CVE-2022-22416 affects IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2, allowing an attacker to send unauthorized requests from the system.

What is the severity level of CVE-2022-22416?

CVE-2022-22416 has a severity level of medium, with a CVSS score of 5.4.

How can I fix CVE-2022-22416?

To fix CVE-2022-22416, apply the relevant patches provided by IBM.

Where can I find more information about CVE-2022-22416?

You can find more information about CVE-2022-22416 on the IBM X-Force Exchange and IBM Support pages.

Vulnerability/
CVE-2022-22416

medium

5.4

CWE

918

4/7/2022

19/7/2022

16/9/2024

CVE-2022-22416: SSRF

First published: Mon Jul 04 2022(Updated: )

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Partner Engagement Manager	>=6.1.2<6.1.2.5
IBM Partner Engagement Manager	>=6.1.2<6.1.2.5
IBM Partner Engagement Manager	>=6.2.0<6.2.0.3
IBM Partner Engagement Manager	>=6.2.0<6.2.0.3
Ibm Partner Engagement Manager On Cloud\/saas	=22.2
IBM Sterling Partner Engagement Manager Essentials Edition	<=6.1.2
IBM Sterling Partner Engagement Manager Standard Edition	<=6.1.2
IBM Sterling Partner Engagement Manager Essentials Edition	<=6.2
IBM Sterling Partner Engagement Manager Standard Edition	<=6.2
IBM Sterling Partner Engagement Manager on Cloud / SaaS	<=22.2

Remedy

https://www.ibm.com/support/pages/node/6604989

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6604989

Frequently Asked Questions

What is CVE-2022-22416?
CVE-2022-22416 refers to a vulnerability in IBM Sterling Partner Engagement Manager that allows an authenticated attacker to perform server-side request forgery (SSRF) attacks.
How does CVE-2022-22416 affect IBM Sterling Partner Engagement Manager?
CVE-2022-22416 affects IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SaaS 22.2, allowing an attacker to send unauthorized requests from the system.
What is the severity level of CVE-2022-22416?
CVE-2022-22416 has a severity level of medium, with a CVSS score of 5.4.
How can I fix CVE-2022-22416?
To fix CVE-2022-22416, apply the relevant patches provided by IBM.
Where can I find more information about CVE-2022-22416?
You can find more information about CVE-2022-22416 on the IBM X-Force Exchange and IBM Support pages.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/weakness
collector/mitre-cve
source/MITRE
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm partner engagement manager
version/ibm partner engagement manager/6.1.2
version/ibm partner engagement manager/6.2.0
canonical/ibm partner engagement manager on cloud\/saas
version/ibm partner engagement manager on cloud\/saas/22.2
canonical/ibm sterling partner engagement manager essentials edition
version/ibm sterling partner engagement manager essentials edition/6.1.2
canonical/ibm sterling partner engagement manager standard edition
version/ibm sterling partner engagement manager standard edition/6.1.2
version/ibm sterling partner engagement manager essentials edition/6.2
version/ibm sterling partner engagement manager standard edition/6.2
canonical/ibm sterling partner engagement manager on cloud / saas
version/ibm sterling partner engagement manager on cloud / saas/22.2