How severe is CVE-2022-34334?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ibm Sterling Partner Engagement Manager

CVE-2022-34334

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.

EPSS: 0.001 (26.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/I:L/UI:N/AC:L/C:L/A:L/PR:L/AV:N/S:U/RL:O/E:U/RC:C.

Affected products

Ibm Sterling Partner Engagement Manager — versions 6.1, 2.0

References

www.ibm.com/support/pages/node/6828097
ibm-sterling-cve202234334-session-fixation (229704) (vdb-entry)

Frequently asked questions

What is CVE-2022-34334?: CVE-2022-34334 is a medium-severity vulnerability in Ibm Sterling Partner Engagement Manager. CVSS score: 6.3/10. Published 2022-10-10.
How severe is CVE-2022-34334?: Medium severity. CVSS v3 base score is 6.3 out of 10.