PT-2021-18475 · IBM · IBM Partner Engagement Manager

Tyler Cui · Published 2021-07-30 · Updated 2021-08-05 · CVE-2021-29781

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM Partner Engagement Manager version 2.0

Description: The issue is caused by an unsafe deserialization flaw, allowing a remote attacker to execute arbitrary code on the system by sending specially-crafted data.

Recommendations: For IBM Partner Engagement Manager version 2.0, consider disabling the deserialization functionality as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2021-29781

Affected Products

IBM Partner Engagement Manager