NEWS T2 2024 IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities 

Integration News

IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities

Summary

IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address IBM Java SDK (Tech Edition) CPU vulnerabilities attached to this Security Bulletin.

 

Vulnerability Details

CVEID: CVE-2023-22045
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: Click here.
CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

 

CVEID: CVE-2023-22049
Description: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: Click here.
CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Product

Versions

Remediation/Fix/Instructions

IBM Sterling Partner Engagement Manager Essentials Edition

6.2.3.1, 6.1.2.10, 6.2.0.8

Workarounds and Mitigations

There are some temporary workarounds/mitigations that can be performed (see Oracle’s Security Alert for more information), but they are not recommended as long-term solutions to this problem. Upgrading to the latest Partner Engagement Manager in your release is the only viable long-term solution.

 

Fare clic sul pulsante sottostante per scaricare questa newsletter in formato Pdf.