CVE-2025-33093

HIGH

IBM Sterling Partner Engagement Manager <6.2.2 - Info Disclosure

Title source: llm

Description

IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7232762

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-260 CWE-522

Status published

Affected Products (8)

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

ibm/sterling_partner_engagement_manager

Timeline

Published May 07, 2025

Tracked Since Feb 18, 2026