Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

Pinned ideas

PINNED Present Multiple Host Keys - RSA and ECDSA
As with standard Linux servers today Secure Proxy should be able to present Host Keys (more than one) in both RSA and ECDSA formats depending on what type the vendor incoming connection supports. Vendors are demanding Host Keys that are stronger t...
PINNED Add support to controllerWorkflow script to restart BPs that are in "completed, error" state by individual BP IDs
During system issues, we are unable to bulk restart the BP IDs at a time. This is causing huge support effort in the clean-up process. Existing controllerWorkflow.sh script doesn't have a solution to restart the BPIDs that are in "completed, error...

All ideas

Showing 63

The default Admin ID to be remove from a future release of software.

During the Control Center installation, admin accounts get created in Control Center, and as per the AXIS security team, there should not be any generic accounts like admin, administrator, etc As per IBM OEM the feasibility of removing the 'adm...

Security Vulnerability Password in Plain text

We have identified a security vulnerability regarding passwords being stored in plain text in the application.Despite the solution provided by IBM not being accepted by the application support team, they have recommended raising an RFE case. ...
5 months ago in Sterling Control Center Monitor / Security 0 Under review

Script to suppress the alerts during/after the maintenance hours

We CCM running on our environment and monitoring SFG/B2Bi/SEAS/CD components. During weekend maintenance/Disaster recovery Test we need to suppress/clear the alerts in CCM Panel manually. It will be easy if we can schedule a job run a script to cl...

Export users details, permissions, paths configured, folder permissions in a one consolidated sheet in IBM Sterling Filegateway

Exporting users details like username, surname, email, permissions, file system paths configured in FS virtual root, adapter level permissions, folder level permissions in a one consolidated sheet for the use of security teams/ CISO teams to valid...
11 months ago in Sterling File Gateway 0 Under review

Refresh Token provided in HTTP Headers

Current situation: The OpenID Connect refresh token is sent as a GET parameter to the webservers of pem-pp and pem-pr applications so the refresh token is showed in the URL history of the browser/sniffer traffic: Example: GET/rochesso/home?refresh...
about 1 year ago in Sterling Partner Engagement Manager / Security 0 Under review

Use Refresh token rotation to make Jwt token more secure

Current Situation: An access token allows temporary access to restricted resources, PEM APIs, and so has a short validity period of 5 minutes (configurable through system properties). A refresh token has a longer validity as it allows users to log...
about 1 year ago in Sterling Partner Engagement Manager / Security 0 Under review

Check file upload content with magic bytes

At current situation a malicious user can bypass the file type restrictions for logos in pem-pp application. It is possible to bypass the upload restrictions and upload a disallowed file by changing the file Content-Type to an allowed one. The ser...
about 1 year ago in Sterling Partner Engagement Manager / Security 0 Under review

Strip LDAP syntax from SEAS return data and return just the values

PEM/PCM requires each user to have a “role”. When LDAP is integrated with PCM, the “role” is obtained as a mapping from an LDAP attribute value. Enterprise customers with an enterprise Microsoft Active Directory schema can be constrained from usin...
about 1 year ago in Sterling Partner Engagement Manager / Permission/Roles 0 Under review

Dynamic Selection of data in UI Tables

We are referring below article, https://www.ibm.com/docs/en/partnerengagemanager?topic=components-defining-static-dynamic-data We have one requirement where we want to show the dynamic data on PEM UI tables while activity execution and also based ...
over 1 year ago in Sterling Partner Engagement Manager / Onboarding 0 Under review

importMAPs.sh not loading the UserName & Change History Description

While deploying the Map sources using importMAPs.sh script, its loading without having UserName and Change History. The script have the abilities to take invokearguments but not sure how we can pass that option. importBPs.sh script have the option...
over 1 year ago in Sterling B2B Integrator / Administration & Configuration 0 Under review