IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities
Summary
IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address the IBM Java SDK (Tech Edition) CPU vulnerabilities listed in this Security Bulletin.
Vulnerability Details
CVEID: CVE-2023-22045
Description: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-22049
Description: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
Remediation/Fixes
Product | Versions | Remediation/Fix/Instructions |
IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.1, 6.1.2.10, 6.2.0.8 |
Workarounds and Mitigations
There are some temporary workarounds/mitigations that can be performed (see Oracle’s Security Alert for more information), but they are not recommended as long-term solutions to this problem. Upgrading to the latest Partner Engagement Manager in your release is the only viable long-term solution.