Skip to main content

Sterling Partner Engagement Manager

11 CVEs product

Monthly

CVE-2025-13723 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an authentication bypass vulnerability that allows unauthenticated attackers to extract sensitive user information by leveraging expired access tokens over the network without requiring special privileges or user interaction. The vulnerability has a CVSS score of 5.3 with low attack complexity, meaning exploitation is straightforward and requires no special conditions, though the impact is limited to confidentiality breaches with no integrity or availability compromise.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-13726 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an information disclosure vulnerability where detailed technical error messages are returned to remote attackers without authentication, exposing sensitive system information that can be leveraged for reconnaissance and follow-up attacks. With a CVSS score of 5.3 and low attack complexity requiring no privileges, this vulnerability poses a moderate risk as an information gathering vector in multi-stage attack campaigns, though direct exploitation impact is limited to confidentiality.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-33093 HIGH This Week

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Kubernetes Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-43045 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38722 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23482 CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-23481 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23480 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34334 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-34348 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-35639 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager Sterling Partner Engagement Manager On Cloud
NVD
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an authentication bypass vulnerability that allows unauthenticated attackers to extract sensitive user information by leveraging expired access tokens over the network without requiring special privileges or user interaction. The vulnerability has a CVSS score of 5.3 with low attack complexity, meaning exploitation is straightforward and requires no special conditions, though the impact is limited to confidentiality breaches with no integrity or availability compromise.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 contain an information disclosure vulnerability where detailed technical error messages are returned to remote attackers without authentication, exposing sensitive system information that can be leveraged for reconnaissance and follow-up attacks. With a CVSS score of 5.3 and low attack complexity requiring no privileges, this vulnerability poses a moderate risk as an information gathering vector in multi-stage attack campaigns, though direct exploitation impact is limited to confidentiality.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Kubernetes +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Sterling Partner Engagement Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy