CVE-2023-23481: XSS
First published: Mon Jun 05 2023(Updated: )
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling Partner Engagement Manager | >=6.1.2<6.1.2.8 | |
| IBM Sterling Partner Engagement Manager | >=6.1.2<6.1.2.8 | |
| IBM Sterling Partner Engagement Manager | >=6.2.0<6.2.0.6 | |
| IBM Sterling Partner Engagement Manager | >=6.2.0<6.2.0.6 | |
| IBM Sterling Partner Engagement Manager | >=6.2.1<6.2.1.3 | |
| IBM Sterling Partner Engagement Manager | >=6.2.1<6.2.1.3 | |
| Linux Linux kernel | ||
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.2.1 | |
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.1.2 | |
| IBM Sterling Partner Engagement Manager Essentials and Standard Editions | <=6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-23481.
What is the severity rating of CVE-2023-23481?
The severity rating of CVE-2023-23481 is 6.4 (medium).
Which version of IBM Sterling Partner Engagement Manager is affected by CVE-2023-23481?
IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and 6.2.1 are affected by CVE-2023-23481.
What is the impact of CVE-2023-23481?
CVE-2023-23481 allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
How can I fix the vulnerability
To fix the vulnerability, apply the available patches provided by IBM for IBM Sterling Partner Engagement Manager.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm sterling partner engagement manager
- version/ibm sterling partner engagement manager/6.1.2
- version/ibm sterling partner engagement manager/6.2.0
- version/ibm sterling partner engagement manager/6.2.1
- vendor/linux
- canonical/linux linux kernel
- canonical/ibm sterling partner engagement manager essentials and standard editions
- version/ibm sterling partner engagement manager essentials and standard editions/6.2.1
- version/ibm sterling partner engagement manager essentials and standard editions/6.1.2
- version/ibm sterling partner engagement manager essentials and standard editions/6.2.0