IBM Sterling Partner Engagement Manager
23 CVEs affecting IBM Sterling Partner Engagement Manager. Latest disclosed: 2026-03-13. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-33093 | High | 7.5 | 2025-05-07 | IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. |
| CVE-2022-35639 | High | 7.5 | 2022-07-26 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. I… |
| CVE-2022-22360 | High | 7.5 | 2022-07-19 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a sp… |
| CVE-2022-22358 | High | 7.1 | 2022-07-19 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data… |
| CVE-2022-34335 | Medium | 6.5 | 2023-01-11 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of… |
| CVE-2023-38722 | Medium | 6.4 | 2023-10-23 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrar… |
| CVE-2023-23481 | Medium | 6.4 | 2023-06-08 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary Ja… |
| CVE-2022-40615 | Medium | 6.3 | 2023-01-11 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, whi… |
| CVE-2022-34334 | Medium | 6.3 | 2022-10-10 | IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the… |
| CVE-2025-13702 | Medium | 6.1 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an… |
| CVE-2023-43045 | Medium | 5.9 | 2023-10-23 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM… |
| CVE-2022-22332 | Medium | 5.6 | 2022-04-01 | IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-… |
| CVE-2023-28517 | Medium | 5.4 | 2024-03-13 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaS… |
| CVE-2023-23480 | Medium | 5.4 | 2023-06-08 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip… |
| CVE-2023-23482 | Medium | 5.4 | 2023-06-08 | IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim t… |
| CVE-2022-22417 | Medium | 5.4 | 2022-07-19 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra… |
| CVE-2022-22416 | Medium | 5.4 | 2022-07-19 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated at… |
| CVE-2025-13723 | Medium | 5.3 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using… |
| CVE-2025-13726 | Medium | 5.3 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when… |
| CVE-2022-22359 | Medium | 4.3 | 2022-07-19 | IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute ma… |