IBM Sterling Partner Engagement Manager
Moderate fix2 remedies
cpe:2.3:a:ibm:sterling_partner_engagement_manager:*:*:*:*:*:*:*
Moderate fix2 remedies
- >= 6.2.3.0, <= 6.2.3.5
- >= 6.2.4.0, <= 6.2.4.2
IBM Sterling Partner Engagement Manager Expired Access Token Information Disclosure Vulnerability
Vulnerability
Patched
A vulnerability exists in IBM Sterling Partner Engagement Manager versions 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2, allowing an attacker to access sensitive user information using an expired access token. This issue is rooted in the improper handling of access token expiration, which could be exploited to retrieve confidential data.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive user information.
Remediation
Users are advised to upgrade to IBM Sterling Partner Engagement Manager version 6.2.3.6 or 6.2.4.3, depending on their current version. Instructions for downloading the patched versions are available on the IBM Support Fix Central website.
Added: Mar 13, 2026, 8:36 PM
Updated: Mar 13, 2026, 8:36 PM
Vulnerability Rating
Custom Algorithm
spread
1.4impact
2.5exploitability
4.3remediation
7.7relevance
4.3threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.