This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
In the current situation, a malicious user can bypass the file type restrictions for logos in the pem-pp application. It is possible to bypass the upload restrictions and upload a disallowed file by changing the file Content-Type to an allowed one. The ser...
Use a whitelist approach to validate the file extension in /dsv/sponsor/module/fileManagement and /dsv/partner/module/fileManagement
The PEM is vulnerable to an unrestricted file upload on the paths /dsv/partner/module/fileManagement/ and /dsv/sponsor/module/fileManagement in the parameter file. Through this vulnerability it is possible to upload a Windows executable file that t...
PEM currently only supports basic authentication for SMTP (user ID, password). At most, it does allow you to select between smtp and smtps. However, SMTP providers have been moving away from basic authentication for some time. PEM does not allo...
Some of the REST APIs for IBM products have token authentication implemented, i.e., call a sign-in API to get a token, and then use the token in an HTTP header for all other API calls.
IBM Sterling Secure Proxy: https://www.ibm.com/su...
Ability to add custom HTTP headers for PEM application
Due to security concerns, the security team would like to have custom HTTP headers in all HTTP traffic. We request that you please add a new feature to be able to configure HTTP headers for the PEM application. This is required to get CA signed certificates from ...
Track Internal Users on PEM When PEM Registration Invite Sent to Partner
Currently many users (MFT BAs & Engineers) are utilizing PEM, and the number of users utilizing PEM may increase in the future. So there is a need to define a process or mechanism within PEM to track which internal EFX user is sending out new reg...