FKIE_CVE-2023-23482

Vulnerability from fkie_nvd - Published: 2023-06-08 02:15 - Updated: 2024-11-21 07:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/245891VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7001569Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/245891VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7001569Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm sterling_partner_engagement_manager *
ibm sterling_partner_engagement_manager *
ibm sterling_partner_engagement_manager *
ibm sterling_partner_engagement_manager *
ibm sterling_partner_engagement_manager *
ibm sterling_partner_engagement_manager *
linux linux_kernel -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*",
              "matchCriteriaId": "3AE64BF1-4AEA-4662-B736-0C6BDE7F7287",
              "versionEndExcluding": "6.1.2.8",
              "versionStartIncluding": "6.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*",
              "matchCriteriaId": "D8A9DF1C-F77C-4A66-B319-1D69E44C60BB",
              "versionEndExcluding": "6.1.2.8",
              "versionStartIncluding": "6.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*",
              "matchCriteriaId": "2E69B0AA-05ED-45D5-9BD0-85B9A62CB8C1",
              "versionEndExcluding": "6.2.0.6",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*",
              "matchCriteriaId": "B9BFF5AB-317A-4FC0-8947-9D70C8683BC9",
              "versionEndExcluding": "6.2.0.6",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*",
              "matchCriteriaId": "843C4066-2495-4BF7-8DD2-93BEFA6A75FA",
              "versionEndExcluding": "6.2.1.3",
              "versionStartIncluding": "6.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*",
              "matchCriteriaId": "D387A776-BCE6-4C54-9B34-DEAFABB61B69",
              "versionEndExcluding": "6.2.1.3",
              "versionStartIncluding": "6.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim.  IBM X-Force ID:  245891."
    },
    {
      "lang": "es",
      "value": "IBM Sterling Partner Engagement Manager v6.1, v6.2 y v6.2.1 podr\u00eda permitir a un atacante remoto secuestrar la acci\u00f3n de hacer clic de la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la v\u00edctima y, posiblemente, lanzar m\u00e1s ataques contra ella. IBM X-Force ID: 245891."
    }
  ],
  "id": "CVE-2023-23482",
  "lastModified": "2024-11-21T07:46:16.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-08T02:15:09.157",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245891"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7001569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/245891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7001569"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.