IBM Sterling Partner Engagement Manager 6.x JWT Secret Public Helm Charts
CVE-2025-33093 Published on May 7, 2025
IBM Sterling Partner Engagement Manager information disclosure
IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
Vulnerability Analysis
CVE-2025-33093 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Password in Configuration File
The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.
Products Associated with CVE-2025-33093
Want to know whenever a new CVE is published for IBM Sterling Partner Engagement Manager? stack.watch will email you.
Affected Versions
IBM Sterling Partner Engagement Manager:- Version 6.1.0 is affected.
- Version 6.2.0 is affected.
- Version 6.2.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.