PT-2022-4067 · Oracle · Enterprise Manager Base Platform

Matthias Kaiser · Published 2022-07-19 · Updated 2022-07-23 · CVE-2022-21516

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Enterprise Manager Base Platform versions 13.4.0.0 through 13.5.0.0

Description

The issue exists due to insufficient input validation in the Enterprise Manager Install component of the Enterprise Manager Base Platform. This allows a remote attacker to gain read, modify, add, or delete access to data, or cause a partial denial of service using HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations

For versions 13.4.0.0 and 13.5.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Enterprise Manager Install component until a patch is available. Avoid using HTTP requests to access sensitive data in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2022-04901
CVE-2022-21516

Affected Products

Enterprise Manager Base Platform