Description
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-598
Metadata
- Primary Vendor
- IBM
- Published
- 3/13/2026
- Last Modified
- 4/2/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
ibm : sterling_partner_engagement_manageribm : sterling_partner_engagement_manageribm : sterling_partner_engagement_manageribm : sterling_partner_engagement_manager
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.