CVE-2023-43045
EUVD-2023-4746623.10.2023, 18:15
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | sterling_partner_engagement_manager | 6.1.2 |
| ibm | sterling_partner_engagement_manager | 6.1.2 |
| ibm | sterling_partner_engagement_manager | 6.2.0 |
| ibm | sterling_partner_engagement_manager | 6.2.0 |
| ibm | sterling_partner_engagement_manager | 6.2.2 |
| ibm | sterling_partner_engagement_manager | 6.2.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.