CVE-2023-23482

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/245891	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7001569	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::*

History

No history.

Information

Published : 2023-06-08 02:15

Updated : 2023-06-13 21:41

NVD link : CVE-2023-23482

Mitre link : CVE-2023-23482

CVE.ORG link : CVE-2023-23482

JSON object : View

Products Affected

ibm

sterling_partner_engagement_manager

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-23482", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-06-08T02:15:09.157", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245891", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7001569", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891."}, {"lang": "es", "value": "IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 podr\u00eda permitir a un atacante remoto secuestrar la acci\u00f3n de hacer clic de la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la v\u00edctima y, posiblemente, lanzar m\u00e1s ataques contra ella. IBM X-Force ID: 245891."}], "lastModified": "2023-06-13T21:41:32.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE64BF1-4AEA-4662-B736-0C6BDE7F7287", "versionEndExcluding": "6.1.2.8", "versionStartIncluding": "6.1.2"}, {"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "D8A9DF1C-F77C-4A66-B319-1D69E44C60BB", "versionEndExcluding": "6.1.2.8", "versionStartIncluding": "6.1.2"}, {"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*", "vulnerable": true, "matchCriteriaId": "2E69B0AA-05ED-45D5-9BD0-85B9A62CB8C1", "versionEndExcluding": "6.2.0.6", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "B9BFF5AB-317A-4FC0-8947-9D70C8683BC9", "versionEndExcluding": "6.2.0.6", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*", "vulnerable": true, "matchCriteriaId": "843C4066-2495-4BF7-8DD2-93BEFA6A75FA", "versionEndExcluding": "6.2.1.3", "versionStartIncluding": "6.2.1"}, {"criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "D387A776-BCE6-4C54-9B34-DEAFABB61B69", "versionEndExcluding": "6.2.1.3", "versionStartIncluding": "6.2.1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}