Main Vulnerability Database Vulnerabilities #VU108802

Password in Configuration File in IBM Sterling Partner Engagement Manager - CVE-2025-33093

Published: May 8, 2025

Vulnerability identifier: #VU108802

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-33093

CWE-ID: CWE-260

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Sterling Partner Engagement Manager

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to IBM Sterling Partner Engagement Manager's JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.. A remote attacker can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2025-33093

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7232762

Password in Configuration File in IBM Sterling Partner Engagement Manager - CVE-2025-33093

Detailed vulnerability description

How to mitigate CVE-2025-33093

Sources

Please verify you're human