CVE-2025-14811

>= 6.2.3 and < 6.2.3.6

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sens

3.1LOW

CVE-2025-13726

>= 6.2.3 and < 6.2.3.6

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtai

5.3MEDIUM

CVE-2025-13723

>= 6.2.3 and < 6.2.3.6

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sens

5.3MEDIUM

CVE-2025-13718

>= 6.2.3 and < 6.2.3.6

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtai

3.7LOW

CVE-2025-13702

>= 6.2.3 and < 6.2.3.6

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting.

6.1MEDIUM

CVE-2025-33093

all versions

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kube

7.5HIGH

CVE-2022-35640

all versions

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technic

4.0MEDIUM

CVE-2023-28517

all versions

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows u

5.4MEDIUM

CVE-2023-43045

all versions

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to i

5.9MEDIUM

CVE-2023-38722

all versions

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability a

6.4MEDIUM

CVE-2023-23482

>= 6.1.2 and < 6.1.2.8

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the vic

5.4MEDIUM

CVE-2023-23481

>= 6.1.2 and < 6.1.2.8

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allow

6.4MEDIUM

CVE-2023-23480

>= 6.1.2 and < 6.1.2.8

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users

5.4MEDIUM

CVE-2022-40615

all versions

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially

6.3MEDIUM

CVE-2022-34335

all versions

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources whic

6.5MEDIUM

CVE-2022-34334

all versions

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to im

6.5MEDIUM

CVE-2022-34348

>= 2.0 and < 6.1.2.6

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat

7.1HIGH

CVE-2022-35639

>= 6.1 and < 6.1.2.5

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the ser

7.5HIGH