CVE-2025-14811

LOW

IBM Sterling Partner Engagement Manager 6.2.3.0-6.2.3.5/6.2.4.0-6.2.4.2 - Info Disclosure

Title source: llm

Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7263391

Scores

CVSS v3 3.1

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-598

Status published

Products (3)

IBM/Sterling Partner Engagement Manager 6.2.3.0 - 6.2.3.5

IBM/Sterling Partner Engagement Manager 6.2.4.0 - 6.2.4.2

ibm/sterling_partner_engagement_manager 6.2.3 - 6.2.3.6 (2 CPE variants)

Published Mar 13, 2026

Tracked Since Mar 14, 2026