Ibm Sterling Partner Engagement Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Sterling Partner Engagement Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2022-35639 — CVSS 7.5 (high): IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to…
CVE-2025-33093 — CVSS 7.5 (high): IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes…
CVE-2022-34348 — CVSS 7.1 (high): IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2022-34334 — CVSS 6.5 (medium): IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate…
CVE-2022-34335 — CVSS 6.5 (medium): IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could…
CVE-2023-38722 — CVSS 6.4 (medium): IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows…
CVE-2023-23481 — CVSS 6.4 (medium): IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users…
CVE-2022-40615 — CVSS 6.3 (medium): IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted…
CVE-2025-13702 — CVSS 6.1 (medium): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This…
CVE-2023-43045 — CVSS 5.9 (medium): IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper…
CVE-2023-28517 — CVSS 5.4 (medium): IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to…
CVE-2023-23482 — CVSS 5.4 (medium): IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By…
CVE-2023-23480 — CVSS 5.4 (medium): IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2025-13723 — CVSS 5.3 (medium): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive…
CVE-2025-13726 — CVSS 5.3 (medium): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain…
CVE-2022-35640 — CVSS 4.0 (medium): IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error…
CVE-2025-13718 — CVSS 3.7 (low): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain…
CVE-2025-14811 — CVSS 3.1 (low): IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive…