PT-2022-15371 · Ibm · Ibm Sterling Partner Engagement Manager

Published

2022-04-01

Updated

2022-04-12

CVE-2022-22332

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling Partner Engagement Manager version 6.2.0

Description The issue allows an attacker to impersonate another user due to a missing revocation mechanism for the JWT token.

Recommendations For IBM Sterling Partner Engagement Manager version 6.2.0, consider implementing a revocation mechanism for the JWT token to prevent impersonation attacks. As a temporary workaround, restrict access to sensitive areas of the application that rely on JWT tokens for authentication until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-672

Related Identifiers

CVE-2022-22332

Affected Products

Ibm Sterling Partner Engagement Manager

PT-2022-15371 · Ibm · Ibm Sterling Partner Engagement Manager

CVE-2022-22332

Weakness Enumeration

Related Identifiers

Affected Products

References · 5