Main Vulnerability Database Vulnerabilities #VU108802

#VU108802 Password in Configuration File in IBM Sterling Partner Engagement Manager - CVE-2025-33093

Published: May 8, 2025

Vulnerability identifier: #VU108802

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-33093

CWE-ID: CWE-260

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Sterling Partner Engagement Manager

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to IBM Sterling Partner Engagement Manager's JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7232762

#VU108802 Password in Configuration File in IBM Sterling Partner Engagement Manager - CVE-2025-33093

Description

Remediation

External links

Please verify you're human