Description
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Published: 2026-03-13
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

An attacker may extract sensitive data from the query string of an HTTP GET request. The vulnerability does not require authentication and can be abused by intercepting traffic, allowing information disclosure, but does not enable code execution or denial of service.

Affected Systems

IBM Sterling Partner Engagement Manager Essentials Edition and Standard Edition, versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2. The remediated releases are 6.2.3.6 and 6.2.4.3 for both editions.

Risk and Exploitability

The CVSS score of 3.1 indicates low severity, and a very low EPSS of under 1% suggests limited public exploitation. It is not listed in the CISA KEV catalog. The attack requires a man-in-the-middle position to capture unencrypted GET requests; no user interaction or privileged access is needed. While the risk is low, any exposed query data could be valuable to threat actors and should be addressed promptly.

Generated by OpenCVE AI on April 2, 2026 at 13:28 UTC.

Remediation

Vendor Solution

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

  • IBM Sterling Partner Engagement Manager Essentials Edition, affected version range 6.2.3.0 – 6.2.3.5: remediated version 6.2.3.6 (Download 6.2.3.6)
  • IBM Sterling Partner Engagement Manager Essentials Edition, affected version range 6.2.4.0 – 6.2.4.2: remediated version 6.2.4.3 (Download 6.2.4.3)
  • IBM Sterling Partner Engagement Manager Standard Edition, affected version range 6.2.3.0 – 6.2.3.5: remediated version 6.2.3.6 (Download 6.2.3.6)
  • IBM Sterling Partner Engagement Manager Standard Edition, affected version range 6.2.4.0 – 6.2.4.2: remediated version 6.2.4.3 (Download 6.2.4.3)


OpenCVE Recommended Actions

  • Upgrade to IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.6 or 6.2.4.3, or Standard Edition 6.2.3.6 or 6.2.4.3.
  • Verify that the upgraded versions are deployed and confirm that sensitive information is no longer exposed in query strings.
  • If an immediate upgrade is not possible, monitor network traffic for suspicious GET requests and enforce HTTPS to prevent leakage.

Generated by OpenCVE AI on April 2, 2026 at 13:28 UTC.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:standard:*:*:*

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 18:45:00 +0000

Type: Title
Values Removed: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
Values Added: IBM Sterling Partner Engagement Manager Information Disclosure

Fri, 13 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Title Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
First Time appeared Ibm
Ibm sterling Partner Engagement Manager
Weaknesses CWE-598
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling Partner Engagement Manager
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T18:44:03.621Z

Reserved: 2025-12-16T23:18:27.896Z

Link: CVE-2025-14811

Vulnrichment

Updated: 2026-03-13T18:43:58.846Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:50.353

Modified: 2026-04-02T12:16:19.517

Link: CVE-2025-14811

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:23:49Z

Weaknesses