CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13702 – IBM Sterling Partner Engagement Manager Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-13702
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Sterling Partner Engagement Manager 6.2.3.0 hasta 6.2.3.5 y 6.2.4.0 hasta 6.2.4.2 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a un usuario autent... • https://www.ibm.com/support/pages/node/7263391 •
CVSS: 3.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13718 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13718
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM Sterling Partner Engagement Manager 6.2.3.0 hasta 6.2.3.5 y 6.2.4.0 hasta 6.2.4.2 podría permitir a un atacante remoto obtener información sensible en texto claro en un canal de comunicación que puede ser interceptado por actores no autorizados. • https://www.ibm.com/support/pages/node/7263391 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13723 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13723
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token IBM Sterling Partner Engagement Manager 6.2.3.0 a 6.2.3.5 y 6.2.4.0 a 6.2.4.2 podría permitir a un atacante obtener información sensible del usuario utilizando un token de acceso caducado. • https://www.ibm.com/support/pages/node/7263391 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13726 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-13726
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. IBM Sterling Partner Engagement Manager 6.2.3.0 a 6.2.3.5 y 6.2.4.0 a 6.2.4.2 podría permitir a un atacante remoto obtener información sensible cuando se devuelven mensajes de error técnicos detallados. Esta información podría ser util... • https://www.ibm.com/support/pages/node/7263391 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-14811 – IBM Sterling Partner Engagement Manager Information Disclosure
https://notcve.org/view.php?id=CVE-2025-14811
13 Mar 2026 — IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. • https://www.ibm.com/support/pages/node/7263391 • CWE-598: Use of GET Request Method With Sensitive Query Strings •