IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
IBM Sterling Partner Engagement Manager affected
Version Status Constraints
6.2.3.0 affected ≤ 6.2.3.5
6.2.4.0 affected ≤ 6.2.4.2

No data.

No data.

No data.

Project Subscriptions

Vendors Products
Ibm Subscribe
Sterling Partner Engagement Manager Subscribe
Advisories

No advisories yet.

Fixes

Solution

Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 – 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 – 6.2.4.2 6.2.4.3 Download 6.2.4.3

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.ibm.com/support/pages/node/7263391 cve-icon
History

Fri, 13 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Sterling Partner Engagement Manager Cross-Site Scripting
First Time appeared Ibm
Ibm sterling Partner Engagement Manager
CPEs cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*
cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling Partner Engagement Manager
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T19:35:38.848Z

Reserved: 2025-11-25T21:44:06.902Z

Link: CVE-2025-13702

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.