CVE-2025-13718

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

EUVD-2025-208649

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...

CVE-2025-13702 IBM Sterling Partner Engagement Manager Cross-Site Scripting

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2025-14811

IBM Sterling Partner Engagement Manager (Essentials: 6.2.3.0–6.2.3.5; 6.2.4.0–6.2.4.2; Standard: 6.2.3.0–6.2.3.5; 6.2.4.0–6.2.4.2) contains an information disclosure vulnerability. An attacker could obtain sensitive information from the query string of HTTP GET requests, potentially leveraging ma...