CVE-2025-33093 IBM Sterling Partner Engagement Manager information disclosure

🗓️ 07 May 2025 11:04:31Reported by ibmType

IBM Sterling Partner Engagement Manager has JWT secret exposed in public Helm Charts, risking disclosure.

Reporter	Title	Published	Views	Family All 11
IBM Security Bulletins	Security Bulletin: IBM Sterling Partner Engagement Manager has several issues with secrets management (CVE-2025-33093)	7 May 202508:40	–	ibm
Circl	CVE-2025-33093	7 May 202511:22	–	circl
CNNVD	IBM Sterling Partner Engagement Manager 安全漏洞	7 May 202500:00	–	cnnvd
CNVD	IBM Sterling Partner Engagement Manager Improper Key Storage Vulnerability	14 May 202500:00	–	cnvd
CVE	CVE-2025-33093	7 May 202511:04	–	cve
EUVD	EUVD-2025-13717	3 Oct 202520:07	–	euvd
NVD	CVE-2025-33093	7 May 202511:15	–	nvd
OSV	CVE-2025-33093	7 May 202511:15	–	osv
Positive Technologies	PT-2025-20069	7 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-33093	9 May 202511:12	–	redhatcve

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:essentials:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:essentials:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:essentials:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Sterling Partner Engagement Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.0"
      },
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.2.2"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7232762

28 Aug 2025 14:21Current

CVSS 3.17.5

EPSS0.00301

CWE-260