IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.
Weakness
The product stores a password in a configuration file that might be accessible to actors who do not know the password.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sterling_partner_engagement_manager | Ibm | 6.1.0 (including) | 6.1.0 (including) |
| Sterling_partner_engagement_manager | Ibm | 6.1.2 (including) | 6.1.2 (including) |
| Sterling_partner_engagement_manager | Ibm | 6.2.0 (including) | 6.2.0 (including) |
| Sterling_partner_engagement_manager | Ibm | 6.2.2 (including) | 6.2.2 (including) |