IBM Sterling PME 6.2.3/6.2.4 Sensitive Data Leakage via HTTP GET Query
CVE-2025-14811 Published on March 13, 2026
IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Vulnerability Analysis
CVE-2025-14811 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that requests. The query string can be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.
Products Associated with CVE-2025-14811
Want to know whenever a new CVE is published for IBM Sterling Partner Engagement Manager? stack.watch will email you.
Affected Versions
IBM Sterling Partner Engagement Manager:- Version 6.2.3.0, <= 6.2.3.5 is affected.
- Version 6.2.4.0, <= 6.2.4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.