CVE-2025-14811

EUVD-2025-208653
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmsterling_partner_engagement_manager
6.2.3 ≤
𝑥
< 6.2.3.6
ibmsterling_partner_engagement_manager
6.2.3 ≤
𝑥
< 6.2.3.6
ibmsterling_partner_engagement_manager
6.2.4 ≤
𝑥
< 6.2.4.3
ibmsterling_partner_engagement_manager
6.2.4 ≤
𝑥
< 6.2.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7263391