CVE-2022-22332

High

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for…

ibm·CWE-672·Published 2022-04-01

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

176 chars

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.

NVDen

176 chars

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.

IBM Sterling Partner Engagement Manager versión 6.2.0, podría permitir a un atacante hacerse pasar por otro usuario debido a una falta de un mecanismo de revocación para el token JWT. IBM X-Force ID: 219131

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	cve.org	5.6	—	—	CVSS:3.0/PR:N/AC:H/UI:N/AV:N/S:U/A:L/C:L/I:L/E:U/RL:O/RC:C
3.0	Primary	cve.org	5.6	—	—	CVSS:3.0/PR:N/AC:H/UI:N/AV:N/S:U/A:L/C:L/I:L/E:U/RL:O/RC:C
3.0	Secondary	NVD	5.6	2.2	3.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N