CVE-2025-13723

Summary

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token

Affected Software

VendorProductVersion RangeStatus
IBMSterling Partner Engagement Manager6.2.3.0 <= 6.2.3.5affected
IBMSterling Partner Engagement Manager6.2.4.0 <= 6.2.4.2affected

Weaknesses

  • CWE-324: CWE-324 Use of a Key Past its Expiration Date

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References