CVE-2025-13718 PUBLISHED

IBM Sterling Partner Engagement Manager Information Disclosure

Assigner: ibm
Reserved: 25.11.2025 Published: 13.03.2026 Updated: 13.03.2026

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.7

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Sterling Partner Engagement Manager
Versions	affected from 6.2.3.0 to 6.2.3.5 (incl.) affected from 6.2.4.0 to 6.2.4.2 (incl.)

Solutions

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3

References

https://www.ibm.com/support/pages/node/7263391

Problem Types

CWE-319 Cleartext Transmission of Sensitive Information CWE