IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

FILTER BY CATEGORY

Sterling Partner Engagement Manager

Showing 193

Check file upload content with magic bytes

At current situation a malicious user can bypass the file type restrictions for logos in pem-pp application. It is possible to bypass the upload restrictions and upload a disallowed file by changing the file Content-Type to an allowed one. The ser...
8 days ago in Sterling Partner Engagement Manager / Security 0 Submitted

Strip LDAP syntax from SEAS return data and return just the values

PEM/PCM requires each user to have a “role”. When LDAP is integrated with PCM, the “role” is obtained as a mapping from an LDAP attribute value. Enterprise customers with an enterprise Microsoft Active Directory schema can be constrained from usin...
17 days ago in Sterling Partner Engagement Manager / Permission/Roles 0 Under review

Use a whitelist approach to validate the file extension in /dsv/sponsor/module/fileManagement and /dsv/partner/module/fileManagement

The PEM is vulnerable to an unrestricted file upload on the path /dsv/partner/module/fileManagement/ and /dsv/sponsor/module/fileManagement in the parameter file. Through this vulnerability it is possible to upload a windows executable file that t...
about 1 month ago in Sterling Partner Engagement Manager / Security 2 Under review

Support Additional methods of smtp authentication

PEM currently only supports basic authentication for SMTP. ( user id, password ). At most, it does allow you to select between smtp and smtps. However, smtp providers have been moving away from basic authentication for some time. PEM does not allo...
11 months ago in Sterling Partner Engagement Manager / Security 1 Future consideration

Dynamic Selection of data in UI Tables

We are referring below article, https://www.ibm.com/docs/en/partnerengagemanager?topic=components-defining-static-dynamic-data We have one requirement where we want to show the dynamic data on PEM UI tables while activity execution and also based ...
about 2 months ago in Sterling Partner Engagement Manager / Onboarding 0 Under review

Adding scheduler functionality in PEM just like we have in SI.

Hi Team, I am writing in regarding to a missing functionality in IBM PEM which is Scheduler. Currently, in PEM whatever we want to do can only be done via an Activity and to make it happen we need to manually execute an activity everytime we want ...
6 months ago in Sterling Partner Engagement Manager / User Administration 0 Future consideration

One Activity with the final Name rather than having all activity with the different Name.

Currently in PEM, if we "Mark as Final" one activity with a certain name then we cannot use the same name for any other activity even if we delete that particular activity. This cause a lot of issues with the non-development personal as to which v...
6 months ago in Sterling Partner Engagement Manager / Administration & Configuration 0 Not under consideration

Role based access to unprovision of codelist facility

functionality where unprovision button is only available to first/primary sponsor admin.
over 1 year ago in Sterling Partner Engagement Manager / Administration & Configuration 1 Planned for future release

Support for token authentication

Some of REST APIs for IBM products have token authentication implemented. I.e., call a sign in API to get a token, and then use the token in a HTTP Header for all other API calls. Example Products: IBM Sterling Secure Proxy: https://www.ibm.com/su...
over 5 years ago in Sterling Partner Engagement Manager / Security 3 Planned for future release

encryption of passwords in setup.cfg

There are multiple passwords mentioned in the file setup.cfg - database, truststore, test mode, etc. these passwords are expected to be encrypted as per customers security requirements. Currently these are in plaintext.
over 1 year ago in Sterling Partner Engagement Manager / Administration & Configuration 0 Planned for future release

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.