CVE-2025-13726 - Vulnerability Details - OpenCVE

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Sterling Partner Engagement Manager

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7263391

History

Fri, 13 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
Title		IBM Sterling Partner Engagement Manager Information Disclosure
First Time appeared		Ibm Ibm sterling Partner Engagement Manager
Weaknesses		CWE-209
CPEs		cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0::::standard::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::essentials::: cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2::::standard:::
Vendors & Products		Ibm Ibm sterling Partner Engagement Manager
References		https://www.ibm.com/support/pages/node/7263391
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-13T18:26:34.401Z

Updated: 2026-03-13T19:33:11.395Z

Reserved: 2025-11-25T22:33:37.887Z

Link: CVE-2025-13726

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13726", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-11-25T22:33:37.887Z", "datePublished": "2026-03-13T18:26:34.401Z", "dateUpdated": "2026-03-13T19:33:11.395Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.0:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.3.5:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.0:*:*:*:essentials:*:*:*", "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.4.2:*:*:*:essentials:*:*:*"], "defaultStatus": "unaffected", "product": "Sterling Partner Engagement Manager", "vendor": "IBM", "versions": [{"lessThanOrEqual": "6.2.3.5", "status": "affected", "version": "6.2.3.0", "versionType": "semver"}, {"lessThanOrEqual": "6.2.4.2", "status": "affected", "version": "6.2.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.</p>"}], "value": "IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-13T18:36:15.520Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7263391"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3</p>"}], "value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading, Product(s) Affected Version Range Remediated Version Instructions / Download IBM Sterling Partner Engagement Manager Essentials Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Essentials Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3 IBM Sterling Partner Engagement Manager Standard Edition 6.2.3.0 \u2013 6.2.3.5 6.2.3.6 Download 6.2.3.6 IBM Sterling Partner Engagement Manager Standard Edition 6.2.4.0 \u2013 6.2.4.2 6.2.4.3 Download 6.2.4.3"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Sterling Partner Engagement Manager Information Disclosure", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:33:04.414024Z", "id": "CVE-2025-13726", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:33:11.395Z"}}]}}