IBM Sterling Partner Engagement Manager vulnerabilities

24 known vulnerabilities affecting ibm/sterling_partner_engagement_manager.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 12

Vulnerabilities

Page 1 of 2
CVE-2025-13723 | HIGH | CVSS 7.5 | ≥ 6.2.3, < 6.2.3.6; ≥ 6.2.4, < 6.2.4.3; +2 more | 2026-03-13
CVE-2025-13723 [MEDIUM] CWE-324: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.
Sources: cvelistv5, nvd
CVE-2025-13726 | HIGH | CVSS 7.5 | ≥ 6.2.3, < 6.2.3.6; ≥ 6.2.4, < 6.2.4.3; +2 more | 2026-03-13
CVE-2025-13726 [MEDIUM] CWE-209: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Sources: cvelistv5, nvd
CVE-2025-13718 | HIGH | CVSS 7.5 | ≥ 6.2.3, < 6.2.3.6; ≥ 6.2.4, < 6.2.4.3; +2 more | 2026-03-13
CVE-2025-13718 [LOW] CWE-319: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
Sources: cvelistv5, nvd
CVE-2025-14811 | MEDIUM | CVSS 5.9 | ≥ 6.2.3, < 6.2.3.6; ≥ 6.2.4, < 6.2.4.3; +2 more | 2026-03-13
CVE-2025-14811 [LOW] CWE-598: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Sources: cvelistv5, nvd
CVE-2025-13702 | MEDIUM | CVSS 5.4 | ≥ 6.2.3, < 6.2.3.6; ≥ 6.2.4, < 6.2.4.3; +2 more | 2026-03-13
CVE-2025-13702 [MEDIUM] CWE-79: IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Sources: cvelistv5, nvd
CVE-2025-33093 | HIGH | CVSS 7.5 | v6.1.0, v6.1.2, +2 more | 2025-05-07
CVE-2025-33093 [HIGH] CWE-260: IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
Sources: cvelistv5, nvd
CVE-2022-35640 | MEDIUM | CVSS 5.5 | v6.2.2 | 2024-07-16
CVE-2022-35640 [MEDIUM] CWE-209: IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.
Sources: cvelistv5, nvd
CVE-2023-28517 | MEDIUM | CVSS 5.4 | v6.1.2, v6.2.0, +2 more | 2024-03-13
CVE-2023-28517 [MEDIUM] CWE-79: IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250421.
Sources: cvelistv5, nvd
CVE-2023-43045 | HIGH | CVSS 7.5 | v6.1.2, v6.2.0, +2 more | 2023-10-23
CVE-2023-43045 [MEDIUM] CWE-288: IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.
Sources: cvelistv5, nvd
CVE-2023-38722 | MEDIUM | CVSS 5.4 | v6.1.2, v6.2.0, +2 more | 2023-10-23
CVE-2023-38722 [MEDIUM] CWE-79: IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.
Sources: cvelistv5, nvd
CVE-2023-23482 | CRITICAL | CVSS 9.6 | ≥ 6.1.2, < 6.1.2.8; ≥ 6.2.0, < 6.2.0.6; +2 more | 2023-06-08
CVE-2023-23482 [MEDIUM]: IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 245891.
Sources: cvelistv5, nvd
CVE-2023-23481 | MEDIUM | CVSS 5.4 | ≥ 6.1.2, < 6.1.2.8; ≥ 6.2.0, < 6.2.0.6; +2 more | 2023-06-08
CVE-2023-23481 [MEDIUM] CWE-79: IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.
Sources: cvelistv5, nvd
CVE-2023-23480 | MEDIUM | CVSS 5.4 | ≥ 6.1.2, < 6.1.2.8; ≥ 6.2.0, < 6.2.0.6; +2 more | 2023-06-08
CVE-2023-23480 [MEDIUM] CWE-79: IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885.
Sources: cvelistv5, nvd
CVE-2022-40615 | CRITICAL | CVSS 9.8 | v6.1.2, v6.2.0, +2 more | 2023-01-11
CVE-2022-40615 [MEDIUM] CWE-89: IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.
Sources: cvelistv5, nvd
CVE-2022-34335 | MEDIUM | CVSS 6.5 | v6.1.2, v6.2.0, +2 more | 2023-01-11
CVE-2022-34335 [MEDIUM] CWE-400: IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705.
Sources: cvelistv5, nvd
CVE-2022-34334 | MEDIUM | CVSS 6.5 | v2.0, v6.1 | 2022-10-10
CVE-2022-34334 [MEDIUM] CWE-384: IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 229704.
Sources: cvelistv5, nvd
CVE-2022-34348 | HIGH | CVSS 7.1 | ≥ 2.0, < 6.1.2.6; ≥ 6.2.0.0, < 6.2.0.4; +1 more | 2022-09-23
CVE-2022-34348 [HIGH] CWE-611: IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.
Sources: nvd
CVE-2022-35639 | HIGH | CVSS 7.5 | ≥ 6.1, < 6.1.2.5; ≥ 6.2, < 6.2.0.3; +2 more | 2022-07-26
CVE-2022-35639 [HIGH]: IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.
Sources: cvelistv5, nvd
CVE-2022-22360 | HIGH | CVSS 8.8 | v6.1.2, v6.2 | 2022-07-19
CVE-2022-22360 [HIGH] CWE-74: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in granting permission to unauthorized resources. IBM X-Force ID: 220782.
Sources: cvelistv5, nvd
CVE-2022-22358 | HIGH | CVSS 7.1 | v6.1.2, v6.2 | 2022-07-19
CVE-2022-22358 [HIGH] CWE-611: IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.
Sources: cvelistv5, nvd