IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
IBM Sterling Partner Engagement Manager affected
Version Status Constraints
6.2.3.0 affected ≤ 6.2.3.5
6.2.4.0 affected ≤ 6.2.4.2

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Ibm Subscribe
Sterling Partner Engagement Manager Subscribe
Advisories

No advisories yet.

Fixes

Solution

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.ibm.com/support/pages/node/7263391 cve-icon cve-icon
History

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Title Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager IBM Sterling Partner Engagement Manager Information Disclosure

Fri, 13 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Title Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
First Time appeared Ibm
Ibm sterling Partner Engagement Manager
Weaknesses CWE-598
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling Partner Engagement Manager
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T18:44:03.621Z

Reserved: 2025-12-16T23:18:27.896Z

Link: CVE-2025-14811

cve-icon Vulnrichment

Updated: 2026-03-13T18:43:58.846Z

cve-icon NVD

Status : Received

Published: 2026-03-13T19:53:50.353

Modified: 2026-03-13T19:53:50.353

Link: CVE-2025-14811

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses