CVE-2023-23480: XSS
First published: Mon Jun 05 2023(Updated: )
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling Partner Engagement Manager | >=6.1.2<6.1.2.8 | |
| IBM Sterling Partner Engagement Manager | >=6.1.2<6.1.2.8 | |
| IBM Sterling Partner Engagement Manager | >=6.2.0<6.2.0.6 | |
| IBM Sterling Partner Engagement Manager | >=6.2.0<6.2.0.6 | |
| IBM Sterling Partner Engagement Manager | >=6.2.1<6.2.1.3 | |
| IBM Sterling Partner Engagement Manager | >=6.2.1<6.2.1.3 | |
| Linux Linux kernel | ||
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.2.1 | |
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.1.2 | |
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-23480.
What is the severity of CVE-2023-23480?
The severity of CVE-2023-23480 is medium with a CVSS score of 5.4.
Which IBM Sterling Partner Engagement Manager versions are affected by CVE-2023-23480?
IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1 are affected by CVE-2023-23480.
How does CVE-2023-23480 impact the system?
CVE-2023-23480 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
How can I fix CVE-2023-23480?
To fix CVE-2023-23480, apply the relevant patches provided by IBM for the affected versions of IBM Sterling Partner Engagement Manager.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm sterling partner engagement manager
- version/ibm sterling partner engagement manager/6.1.2
- version/ibm sterling partner engagement manager/6.2.0
- version/ibm sterling partner engagement manager/6.2.1
- vendor/linux
- canonical/linux linux kernel
- canonical/ibm sterling partner engagement manager essentials and standard editions
- version/ibm sterling partner engagement manager essentials and standard editions/6.2.1
- version/ibm sterling partner engagement manager essentials and standard editions/6.1.2
- version/ibm sterling partner engagement manager essentials and standard editions/6.2.0