Ibm

Sterling Partner Engagement Manager

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-13702

  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 18:33:12
  • Zuletzt bearbeitet 18.03.2026 19:19:19

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the inte...

7.5

CVE-2025-13718

  • EPSS 0.02%
  • Veröffentlicht 13.03.2026 18:33:07
  • Zuletzt bearbeitet 18.03.2026 19:18:38

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

7.5

CVE-2025-13723

  • EPSS 0.02%
  • Veröffentlicht 13.03.2026 18:32:45
  • Zuletzt bearbeitet 18.03.2026 19:18:28

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token

7.5

CVE-2025-13726

  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 18:26:34
  • Zuletzt bearbeitet 18.03.2026 20:28:22

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further a...

3.1

CVE-2025-14811

  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 18:22:00
  • Zuletzt bearbeitet 16.03.2026 14:54:11

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in ...

7.5

CVE-2025-33093

  • EPSS 0.22%
  • Veröffentlicht 07.05.2025 11:15:52
  • Zuletzt bearbeitet 13.11.2025 19:31:04

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.

5.5

CVE-2022-35640

  • EPSS 0.02%
  • Veröffentlicht 16.07.2024 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:11:25

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

5.4

CVE-2023-28517

  • EPSS 0.07%
  • Veröffentlicht 13.03.2024 10:15:06
  • Zuletzt bearbeitet 22.01.2025 18:40:49

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

7.5

CVE-2023-43045

  • EPSS 0.03%
  • Veröffentlicht 23.10.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 08:23:39

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

5.4

CVE-2023-38722

  • EPSS 0.06%
  • Veröffentlicht 23.10.2023 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:14:07

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...