CVE-2025-13723 - Vulnerability Details - OpenCVE

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sterling Partner Engagement Manager

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7263391

History

Fri, 13 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token
Title		IBM Sterling Partner Engagement Manager Information Disclosure
First Time appeared		Ibm Ibm sterling Partner Engagement Manager
Weaknesses		CWE-324
CPEs		cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::standard:::
Vendors & Products		Ibm Ibm sterling Partner Engagement Manager
References		https://www.ibm.com/support/pages/node/7263391
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-13T18:32:45.559Z

Updated: 2026-03-13T19:34:50.670Z

Reserved: 2025-11-25T22:23:37.869Z

Link: CVE-2025-13723

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13723", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-11-25T22:23:37.869Z", "datePublished": "2026-03-13T18:32:45.559Z", "dateUpdated": "2026-03-13T19:34:50.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-13T18:32:45.559Z"}, "title": "IBM Sterling Partner Engagement Manager Information Disclosure", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-324", "description": "CWE-324 Use of a Key Past its Expiration Date", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Sterling Partner Engagement Manager", "versions": [{"status": "affected", "version": "6.2.3.0", "lessThanOrEqual": "6.2.3.5", "versionType": "semver"}, {"status": "affected", "version": "6.2.4.0", "lessThanOrEqual": "6.2.4.2", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263391", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:34:40.654031Z", "id": "CVE-2025-13723", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:34:50.670Z"}}]}}