7.5
CVE-2025-33093
- EPSS 0.04%
- Veröffentlicht 07.05.2025 11:15:52
- Zuletzt bearbeitet 13.11.2025 19:31:04
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling Partner Engagement Manager Version6.1.0 SwEditionessentials
Ibm ≫ Sterling Partner Engagement Manager Version6.1.0 SwEditionstandard
Ibm ≫ Sterling Partner Engagement Manager Version6.1.2 SwEditionessentials
Ibm ≫ Sterling Partner Engagement Manager Version6.1.2 SwEditionstandard
Ibm ≫ Sterling Partner Engagement Manager Version6.2.0 SwEditionessentials
Ibm ≫ Sterling Partner Engagement Manager Version6.2.0 SwEditionstandard
Ibm ≫ Sterling Partner Engagement Manager Version6.2.2 SwEditionessentials
Ibm ≫ Sterling Partner Engagement Manager Version6.2.2 SwEditionstandard
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.111 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-260 Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.