Description
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
Published: 2026-03-13
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in IBM Sterling Partner Engagement Manager versions 6.2.3.0–6.2.3.5 and 6.2.4.0–6.2.4.2. A remote attacker can capture traffic between the client and the manager over an unencrypted channel, allowing access to sensitive data transmitted in cleartext. This flaw falls under CWE‑319 (Cleartext Transmission of Sensitive Information). The main consequence is a confidentiality breach; there is no evidence of denial of service or code execution. The attack requires the attacker to be positioned on the network path where the traffic can be observed.

Affected Systems

Affected products are IBM Sterling Partner Engagement Manager Essentials Edition and Standard Edition. The vulnerable versions are 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 for both editions. Users should refer to the IBM support link for detailed component tables and download instructions for the patched releases 6.2.3.6 and 6.2.4.3.

Risk and Exploitability

The CVSS base score is 3.7, indicating low severity. The EPSS score is less than 1%, suggesting a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Exploitation is straightforward once an attacker can sniff the network; it does not require authentication or privileged access. The primary mitigation is to encrypt or protect the communication channel, such as by using TLS, or to apply the vendor patch.

Generated by OpenCVE AI on March 18, 2026 at 20:25 UTC.

Remediation

Vendor Solution

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading:

Product(s) | Affected Version Range | Remediated Version | Instructions / Download
IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.0 – 6.2.3.5 | 6.2.3.6 | Download 6.2.3.6
IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.4.0 – 6.2.4.2 | 6.2.4.3 | Download 6.2.4.3
IBM Sterling Partner Engagement Manager Standard Edition | 6.2.3.0 – 6.2.3.5 | 6.2.3.6 | Download 6.2.3.6
IBM Sterling Partner Engagement Manager Standard Edition | 6.2.4.0 – 6.2.4.2 | 6.2.4.3 | Download 6.2.4.3


OpenCVE Recommended Actions

  • Upgrade IBM Sterling Partner Engagement Manager to version 6.2.3.6 or 6.2.4.3.
  • Verify that all client-to-server communications use encryption (e.g., TLS) to prevent cleartext data transmission.
  • Regularly monitor official IBM advisories for updates and apply patches promptly.


Advisories

No advisories yet.

History

Wed, 18 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.
Title IBM Sterling Partner Engagement Manager Information Disclosure
First Time appeared Ibm
Ibm sterling Partner Engagement Manager
Weaknesses CWE-319
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling Partner Engagement Manager
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T19:35:14.971Z

Reserved: 2025-11-25T22:03:39.987Z

Link: CVE-2025-13718

Vulnrichment

Updated: 2026-03-13T19:35:07.955Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:48.473

Modified: 2026-03-18T19:18:38.940

Link: CVE-2025-13718

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:27Z

Weaknesses