CVE-2025-13726

Summary

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Partner Engagement Manager6.2.3.0 <= 6.2.3.5affected
IBMSterling Partner Engagement Manager6.2.4.0 <= 6.2.4.2affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References