This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updateson them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
At current situation a malicious user can bypass the file type restrictions for logos in pem-pp application. It is possible to bypass the upload restrictions and upload a disallowed file by changing the file Content-Type to an allowed one. The ser...
Strip LDAP syntax from SEAS return data and return just the values
PEM/PCM requires each user to have a “role”. When LDAP is integrated with PCM, the “role” is obtained as a mapping from an LDAP attribute value. Enterprise customers with an enterprise Microsoft Active Directory schema can be constrained from usin...
Use a whitelist approach to validate the file extension in /dsv/sponsor/module/fileManagement and /dsv/partner/module/fileManagement
The PEM is vulnerable to an unrestricted file upload on the path /dsv/partner/module/fileManagement/ and /dsv/sponsor/module/fileManagement in the parameter file. Through this vulnerability it is possible to upload a windows executable file that t...
PEM currently only supports basic authentication for SMTP. ( user id, password ). At most, it does allow you to select between smtp and smtps. However, smtp providers have been moving away from basic authentication for some time. PEM does not allo...
We are referring below article, https://www.ibm.com/docs/en/partnerengagemanager?topic=components-defining-static-dynamic-data We have one requirement where we want to show the dynamic data on PEM UI tables while activity execution and also based ...
Adding scheduler functionality in PEM just like we have in SI.
Hi Team, I am writing in regarding to a missing functionality in IBM PEM which is Scheduler. Currently, in PEM whatever we want to do can only be done via an Activity and to make it happen we need to manually execute an activity everytime we want ...
One Activity with the final Name rather than having all activity with the different Name.
Currently in PEM, if we "Mark as Final" one activity with a certain name then we cannot use the same name for any other activity even if we delete that particular activity. This cause a lot of issues with the non-development personal as to which v...
Some of REST APIs for IBM products have token authentication implemented. I.e., call a sign in API to get a token, and then use the token in a HTTP Header for all other API calls.
IBM Sterling Secure Proxy: https://www.ibm.com/su...
There are multiple passwords mentioned in the file setup.cfg - database, truststore, test mode, etc. these passwords are expected to be encrypted as per customers security requirements. Currently these are in plaintext.
Do not place IBM confidential, company confidential, or personal information into any field.