CVE Vulnerabilities

CVE-2023-43045

Authentication Bypass Using an Alternate Path or Channel

Published: Oct 23, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Sterling_partner_engagement_manager Ibm 6.1.2 (including) 6.1.2 (including)
Sterling_partner_engagement_manager Ibm 6.2.0 (including) 6.2.0 (including)
Sterling_partner_engagement_manager Ibm 6.2.2 (including) 6.2.2 (including)

Potential Mitigations

References