CVE-2025-13723 PUBLISHED

IBM Sterling Partner Engagement Manager Information Disclosure

Assigner: ibm
Reserved: 25.11.2025 Published: 13.03.2026 Updated: 13.03.2026

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Product Status

Vendor IBM
Product Sterling Partner Engagement Manager
Versions
  • affected from 6.2.3.0 to 6.2.3.5 (incl.)
  • affected from 6.2.4.0 to 6.2.4.2 (incl.)

Solutions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

| Product(s) | Affected Version Range | Remediated Version | Instructions / Download |
|---|---|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.0 – 6.2.3.5 | 6.2.3.6 | Download 6.2.3.6 |
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.4.0 – 6.2.4.2 | 6.2.4.3 | Download 6.2.4.3 |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.3.0 – 6.2.3.5 | 6.2.3.6 | Download 6.2.3.6 |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.4.0 – 6.2.4.2 | 6.2.4.3 | Download 6.2.4.3 |

Problem Types

  • CWE-324 Use of a Key Past its Expiration Date