Integration News

IBM Sterling Partner Engagement Manager has several issues with secrets management

Summary
IBM Sterling Partner Engagement Manager’s JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. This issue has been addressed in the latest Helm Chart.

Vulnerability Details
CVEID: CVE-2025-33093
Description: IBM Sterling Partner Engagement Manager’s JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
CWE: CWE-260: Password in Configuration File
CVSS Source: IBM
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Product

Version

Remediation / Fix / Instructions

PEM

6.1.x, 6.2.0, 6.2.3, 6.2.4

Workarounds and Mitigations

None.

Change History

07 May 2025: Initial Publication

Click the button below to download this newsletter in PDF format.

Download

 

 

home.b2b.solutions
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can offer you the best possible user experience.
Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.