CVE-2025-13726 - Vulnerability Details

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Published: 2026-03-13

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 are vulnerable to a remote information‑disclosure flaw that occurs when detailed technical error messages are returned to an attacker. These messages can expose sensitive system information, which could be leveraged for further attacks. The weakness is categorized as a System Information Leak (CWE‑209).

Affected Systems

Affected products include IBM Sterling Partner Engagement Manager Essentials Edition and Standard Edition. The specific affected version ranges are 6.2.3.0‑6.2.3.5 and 6.2.4.0‑6.2.4.2. Remediation is available in version 6.2.3.6 for the 6.2.3.x line and 6.2.4.3 for the 6.2.4.x line. The issue is identified in the following CPEs: cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*, cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% implies a low expected exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation requires a remote attacker to trigger an error condition in the application, causing detailed technical information to be sent back to the requester. No special access or privileged conditions are explicitly mentioned, suggesting that the attack can be performed through standard network interaction with the affected service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

Sterling Partner Engagement Manager

unaffected

Version	Status	Constraints
`6.2.3.0`	affected	≤ 6.2.3.5
`6.2.4.0`	affected	≤ 6.2.4.2

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::*
	cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Ibm

Sterling Partner Engagement Manager

95%

Version	Status	Scheme	Platform
`[6.2.3.0,6.2.3.5]`	affected	semver	—
`[6.2.4.0,6.2.4.2]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3

OpenCVE Recommended Actions

Apply the IBM patch for Sterling Partner Engagement Manager to version 6.2.3.6 or 6.2.4.3, depending on the current release level.
Verify that the patch has been applied correctly and that the application no longer returns detailed error messages for unauthorized requests.
Reconfigure the application to suppress or redact detailed error information if a patch cannot be applied immediately.
Monitor application logs for repeated error‑message events that could indicate exploitation attempts.

Generated by OpenCVE AI on March 18, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.ibm.com/support/pages/node/7263391

History

Wed, 18 Mar 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::essentials:::* cpe:2.3:a:ibm:sterling_partner_engagement_manager:::::standard:::* cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Linux Linux linux Kernel

Fri, 13 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Title		IBM Sterling Partner Engagement Manager Information Disclosure
First Time appeared		Ibm Ibm sterling Partner Engagement Manager
Weaknesses		CWE-209
CPEs		cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::standard:::
Vendors & Products		Ibm Ibm sterling Partner Engagement Manager
References		https://www.ibm.com/support/pages/node/7263391
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Ibm Sterling Partner Engagement Manager

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-13T18:26:34.401Z

Updated: 2026-03-13T19:33:11.395Z

Reserved: 2025-11-25T22:33:37.887Z

Link: CVE-2025-13726

Vulnrichment

Updated: 2026-03-13T19:33:08.691Z

NVD

Status : Analyzed

Published: 2026-03-13T19:53:48.870

Modified: 2026-03-18T20:28:22.507

Link: CVE-2025-13726

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:35Z

Weaknesses

CWE-209

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object