5.9
CVE-2025-14811
- EPSS 0.21%
- Veröffentlicht 13.03.2026 18:22:00
- Zuletzt bearbeitet 02.04.2026 12:16:19
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling Partner Engagement Manager SwEditionessentials Version >= 6.2.3 < 6.2.3.6
Ibm ≫ Sterling Partner Engagement Manager SwEditionstandard Version >= 6.2.3 < 6.2.3.6
Ibm ≫ Sterling Partner Engagement Manager SwEditionessentials Version >= 6.2.4 < 6.2.4.3
Ibm ≫ Sterling Partner Engagement Manager SwEditionstandard Version >= 6.2.4 < 6.2.4.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.104 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://www.ibm.com/support/pages/node/7263391