Search

Find a vulnerability

Search criteria

    186 vulnerabilities found for sterling_file_gateway by ibm

    CVE-2026-1264 (GCVE-0-2026-1264)

    Vulnerability from nvd – Published: 2026-03-17 22:41 – Updated: 2026-03-18 20:15
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7266518 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:15:50.295438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:15:57.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T22:41:42.874Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7266518"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-1264",
        "datePublished": "2026-03-17T22:41:42.874Z",
        "dateReserved": "2026-01-20T21:20:46.428Z",
        "dateUpdated": "2026-03-18T20:15:57.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14031 (GCVE-0-2025-14031)

    Vulnerability from nvd – Published: 2026-03-17 22:41 – Updated: 2026-03-18 20:15
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service
    Summary
    IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7266520 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:15:31.145101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:15:38.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T22:41:41.536Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7266520"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14031",
        "datePublished": "2026-03-17T22:41:41.536Z",
        "dateReserved": "2025-12-04T14:47:49.654Z",
        "dateUpdated": "2026-03-18T20:15:38.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0835 (GCVE-0-2026-0835)

    Vulnerability from nvd – Published: 2026-03-13 18:57 – Updated: 2026-03-13 19:36
    VLAI
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263326 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:36:29.900119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:36:39.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u0026nbsp;6.1.2.7_2,\u0026nbsp;6.2.0.0 through\u0026nbsp;6.2.0.5_1, 6.2.1.0 through\u0026nbsp;6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u00a06.1.2.7_2,\u00a06.2.0.0 through\u00a06.2.0.5_1, 6.2.1.0 through\u00a06.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:01:09.073Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263326"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.2.0\u003c/td\u003e\u003ctd\u003eIT48958\u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cdiv\u003e\u003cp\u003eThe IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u0026nbsp;\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003eFix Central\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48958 \u00a0Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5_1IT48958 \u00a0Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1_1IT48958 \u00a0Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.2.0IT48958\u00a0Apply B2Bi 6.2.2.0_1The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u00a0 Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes .\u00a0\n\nThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-0835",
        "datePublished": "2026-03-13T18:57:35.435Z",
        "dateReserved": "2026-01-09T23:27:35.566Z",
        "dateUpdated": "2026-03-13T19:36:39.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36368 (GCVE-0-2025-36368)

    Vulnerability from nvd – Published: 2026-03-13 19:35 – Updated: 2026-03-16 13:36
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263324 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:35:12.731590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:36:43.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:36:14.607Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263324"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36368",
        "datePublished": "2026-03-13T19:35:46.030Z",
        "dateReserved": "2025-04-15T21:16:55.332Z",
        "dateUpdated": "2026-03-16T13:36:43.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14504 (GCVE-0-2025-14504)

    Vulnerability from nvd – Published: 2026-03-13 19:08 – Updated: 2026-03-13 19:37
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263327 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:36:58.233817Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:37:07.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
              ],
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:08:37.702Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263327"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14504",
        "datePublished": "2026-03-13T19:08:37.702Z",
        "dateReserved": "2025-12-10T21:49:00.798Z",
        "dateUpdated": "2026-03-13T19:37:07.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14483 (GCVE-0-2025-14483)

    Vulnerability from nvd – Published: 2026-03-13 19:15 – Updated: 2026-03-13 19:37
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263329 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:37:22.913106Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:37:32.919Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:15:11.844Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263329"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14483",
        "datePublished": "2026-03-13T19:15:11.844Z",
        "dateReserved": "2025-12-10T20:02:45.446Z",
        "dateUpdated": "2026-03-13T19:37:32.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-40693 (GCVE-0-2023-40693)

    Vulnerability from nvd – Published: 2026-03-13 19:25 – Updated: 2026-03-13 19:44
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263329 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:44:12.134805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:44:18.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u003c/span\u003e\u003cspan\u003e\u0026nbsp;vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u00a0vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:25:02.688Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263329"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-40693",
        "datePublished": "2026-03-13T19:25:02.688Z",
        "dateReserved": "2023-08-18T15:48:17.571Z",
        "dateUpdated": "2026-03-13T19:44:18.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36348 (GCVE-0-2025-36348)

    Vulnerability from nvd – Published: 2026-02-17 21:31 – Updated: 2026-02-18 20:37
    VLAI
    Title
    The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure
    Summary
    IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259769 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T20:37:42.475767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T20:37:54.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM Sterling B2B Integrator versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e, and IBM Sterling File Gateway versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e\u0026nbsp;may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1\u00a0may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T21:31:30.418Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259769"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48562Apply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48562Apply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1IT48562Apply B2Bi 6.2.1.1_1 or 6.2.2.0"
            }
          ],
          "title": "The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36348",
        "datePublished": "2026-02-17T21:31:30.418Z",
        "dateReserved": "2025-04-15T21:16:53.302Z",
        "dateUpdated": "2026-02-18T20:37:54.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36134 (GCVE-0-2025-36134)

    Vulnerability from nvd – Published: 2025-11-25 14:40 – Updated: 2025-11-25 14:49
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7252210 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-25T14:48:40.567416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-25T14:49:21.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1275",
                  "description": "CWE-1275",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-25T14:40:55.959Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7252210"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48345Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48345Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48345Apply B2Bi 6.2.1.1_1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36134",
        "datePublished": "2025-11-25T14:40:55.959Z",
        "dateReserved": "2025-04-15T21:16:19.008Z",
        "dateUpdated": "2025-11-25T14:49:21.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36112 (GCVE-0-2025-36112)

    Vulnerability from nvd – Published: 2025-11-24 18:25 – Updated: 2025-11-24 18:58
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7252197 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T18:58:11.252178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T18:58:40.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould reveal sensitive server IP configuration information to an unauthorized user.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T18:25:03.423Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7252197"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e \u003cbr\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48308Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48308Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48308Apply B2Bi 6.2.1.1_1\n \nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36112",
        "datePublished": "2025-11-24T18:25:03.423Z",
        "dateReserved": "2025-04-15T21:16:17.123Z",
        "dateUpdated": "2025-11-24T18:58:40.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36135 (GCVE-0-2025-36135)

    Vulnerability from nvd – Published: 2025-11-07 18:26 – Updated: 2025-11-07 18:47
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7250509 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T18:46:55.714881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T18:47:27.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T18:26:57.845Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7250509"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36135",
        "datePublished": "2025-11-07T18:26:57.845Z",
        "dateReserved": "2025-04-15T21:16:19.008Z",
        "dateUpdated": "2025-11-07T18:47:27.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36002 (GCVE-0-2025-36002)

    Vulnerability from nvd – Published: 2025-10-16 14:54 – Updated: 2025-10-25 02:02
    VLAI
    Title
    IBM Sterling B2B Integrator information disclosure
    Summary
    IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7248129 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T16:06:34.404561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-256",
                    "description": "CWE-256 Plaintext Storage of a Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T16:06:38.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260 Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-25T02:02:53.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7248129"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48063Apply B2Bi 6.2.0.5_1 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0IT48063Apply B2Bi 6.2.1.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator information disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36002",
        "datePublished": "2025-10-16T14:54:53.914Z",
        "dateReserved": "2025-04-15T21:16:05.532Z",
        "dateUpdated": "2025-10-25T02:02:53.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2694 (GCVE-0-2025-2694)

    Vulnerability from nvd – Published: 2025-09-04 14:43 – Updated: 2025-09-04 15:02
    VLAI
    Title
    IBM Sterling B2B Integrator cross-site scripting
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244023 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2694",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T14:59:45.837788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T15:02:53.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T14:43:26.848Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244023"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2694",
        "datePublished": "2025-09-04T14:43:26.848Z",
        "dateReserved": "2025-03-23T14:38:43.348Z",
        "dateUpdated": "2025-09-04T15:02:53.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2667 (GCVE-0-2025-2667)

    Vulnerability from nvd – Published: 2025-09-04 14:45 – Updated: 2025-09-04 15:06
    VLAI
    Title
    IBM Sterling B2B Integrator information disclosure
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244021 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T15:04:59.460230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T15:06:16.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T14:45:23.819Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244021"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2667",
        "datePublished": "2025-09-04T14:45:23.819Z",
        "dateReserved": "2025-03-22T13:41:32.620Z",
        "dateUpdated": "2025-09-04T15:06:16.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2988 (GCVE-0-2025-2988)

    Vulnerability from nvd – Published: 2025-08-19 19:15 – Updated: 2025-08-19 19:35
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7242391 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2988",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T19:32:38.788840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T19:35:55.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-19T19:15:58.525Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7242391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4, 6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2988",
        "datePublished": "2025-08-19T19:15:58.525Z",
        "dateReserved": "2025-03-30T12:39:19.574Z",
        "dateUpdated": "2025-08-19T19:35:55.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-1264 (GCVE-0-2026-1264)

    Vulnerability from cvelistv5 – Published: 2026-03-17 22:41 – Updated: 2026-03-18 20:15
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7266518 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:15:50.295438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:15:57.388Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T22:41:42.874Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7266518"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-1264",
        "datePublished": "2026-03-17T22:41:42.874Z",
        "dateReserved": "2026-01-20T21:20:46.428Z",
        "dateUpdated": "2026-03-18T20:15:57.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14031 (GCVE-0-2025-14031)

    Vulnerability from cvelistv5 – Published: 2026-03-17 22:41 – Updated: 2026-03-18 20:15
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service
    Summary
    IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7266520 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T20:15:31.145101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T20:15:38.036Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T22:41:41.536Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7266520"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14031",
        "datePublished": "2026-03-17T22:41:41.536Z",
        "dateReserved": "2025-12-04T14:47:49.654Z",
        "dateUpdated": "2026-03-18T20:15:38.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36368 (GCVE-0-2025-36368)

    Vulnerability from cvelistv5 – Published: 2026-03-13 19:35 – Updated: 2026-03-16 13:36
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263324 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36368",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T13:35:12.731590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T13:36:43.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:36:14.607Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263324"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36368",
        "datePublished": "2026-03-13T19:35:46.030Z",
        "dateReserved": "2025-04-15T21:16:55.332Z",
        "dateUpdated": "2026-03-16T13:36:43.574Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-40693 (GCVE-0-2023-40693)

    Vulnerability from cvelistv5 – Published: 2026-03-13 19:25 – Updated: 2026-03-13 19:44
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263329 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:44:12.134805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:44:18.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u003c/span\u003e\u003cspan\u003e\u0026nbsp;vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u00a0vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:25:02.688Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263329"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-40693",
        "datePublished": "2026-03-13T19:25:02.688Z",
        "dateReserved": "2023-08-18T15:48:17.571Z",
        "dateUpdated": "2026-03-13T19:44:18.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14483 (GCVE-0-2025-14483)

    Vulnerability from cvelistv5 – Published: 2026-03-13 19:15 – Updated: 2026-03-13 19:37
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263329 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14483",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:37:22.913106Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:37:32.919Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:15:11.844Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263329"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14483",
        "datePublished": "2026-03-13T19:15:11.844Z",
        "dateReserved": "2025-12-10T20:02:45.446Z",
        "dateUpdated": "2026-03-13T19:37:32.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14504 (GCVE-0-2025-14504)

    Vulnerability from cvelistv5 – Published: 2026-03-13 19:08 – Updated: 2026-03-13 19:37
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263327 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:36:58.233817Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:37:07.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
              ],
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:08:37.702Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263327"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-14504",
        "datePublished": "2026-03-13T19:08:37.702Z",
        "dateReserved": "2025-12-10T21:49:00.798Z",
        "dateUpdated": "2026-03-13T19:37:07.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0835 (GCVE-0-2026-0835)

    Vulnerability from cvelistv5 – Published: 2026-03-13 18:57 – Updated: 2026-03-13 19:36
    VLAI
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7263326 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
    Affected: 6.2.2.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0835",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:36:29.900119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:36:39.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5_1",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1_1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u0026nbsp;6.1.2.7_2,\u0026nbsp;6.2.0.0 through\u0026nbsp;6.2.0.5_1, 6.2.1.0 through\u0026nbsp;6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u00a06.1.2.7_2,\u00a06.2.0.0 through\u00a06.2.0.5_1, 6.2.1.0 through\u00a06.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T19:01:09.073Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7263326"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.2.0\u003c/td\u003e\u003ctd\u003eIT48958\u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cdiv\u003e\u003cp\u003eThe IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u0026nbsp;\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003eFix Central\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48958 \u00a0Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5_1IT48958 \u00a0Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1_1IT48958 \u00a0Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.2.0IT48958\u00a0Apply B2Bi 6.2.2.0_1The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u00a0 Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes .\u00a0\n\nThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-0835",
        "datePublished": "2026-03-13T18:57:35.435Z",
        "dateReserved": "2026-01-09T23:27:35.566Z",
        "dateUpdated": "2026-03-13T19:36:39.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36348 (GCVE-0-2025-36348)

    Vulnerability from cvelistv5 – Published: 2026-02-17 21:31 – Updated: 2026-02-18 20:37
    VLAI
    Title
    The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure
    Summary
    IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259769 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 , ≤ 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T20:37:42.475767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T20:37:54.678Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_2",
                  "status": "affected",
                  "version": "6.1.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.1.1",
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eIBM Sterling B2B Integrator versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e, and IBM Sterling File Gateway versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e\u0026nbsp;may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1\u00a0may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-17T21:31:30.418Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259769"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48562Apply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48562Apply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1IT48562Apply B2Bi 6.2.1.1_1 or 6.2.2.0"
            }
          ],
          "title": "The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36348",
        "datePublished": "2026-02-17T21:31:30.418Z",
        "dateReserved": "2025-04-15T21:16:53.302Z",
        "dateUpdated": "2026-02-18T20:37:54.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36134 (GCVE-0-2025-36134)

    Vulnerability from cvelistv5 – Published: 2025-11-25 14:40 – Updated: 2025-11-25 14:49
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7252210 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-25T14:48:40.567416Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-25T14:49:21.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1275",
                  "description": "CWE-1275",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-25T14:40:55.959Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7252210"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48345Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48345Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48345Apply B2Bi 6.2.1.1_1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36134",
        "datePublished": "2025-11-25T14:40:55.959Z",
        "dateReserved": "2025-04-15T21:16:19.008Z",
        "dateUpdated": "2025-11-25T14:49:21.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36112 (GCVE-0-2025-36112)

    Vulnerability from cvelistv5 – Published: 2025-11-24 18:25 – Updated: 2025-11-24 18:58
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7252197 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.1
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-24T18:58:11.252178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-24T18:58:40.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould reveal sensitive server IP configuration information to an unauthorized user.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T18:25:03.423Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7252197"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e \u003cbr\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48308Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48308Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48308Apply B2Bi 6.2.1.1_1\n \nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36112",
        "datePublished": "2025-11-24T18:25:03.423Z",
        "dateReserved": "2025-04-15T21:16:17.123Z",
        "dateUpdated": "2025-11-24T18:58:40.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36135 (GCVE-0-2025-36135)

    Vulnerability from cvelistv5 – Published: 2025-11-07 18:26 – Updated: 2025-11-07 18:47
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7250509 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T18:46:55.714881Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-07T18:47:27.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-07T18:26:57.845Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7250509"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36135",
        "datePublished": "2025-11-07T18:26:57.845Z",
        "dateReserved": "2025-04-15T21:16:19.008Z",
        "dateUpdated": "2025-11-07T18:47:27.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36002 (GCVE-0-2025-36002)

    Vulnerability from cvelistv5 – Published: 2025-10-16 14:54 – Updated: 2025-10-25 02:02
    VLAI
    Title
    IBM Sterling B2B Integrator information disclosure
    Summary
    IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7248129 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.2.0.0 , ≤ 6.2.0.5 (semver)
    Affected: 6.2.1.0 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T16:06:34.404561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-256",
                    "description": "CWE-256 Plaintext Storage of a Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T16:06:38.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.0.5",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260 Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-25T02:02:53.477Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7248129"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48063Apply B2Bi 6.2.0.5_1 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0IT48063Apply B2Bi 6.2.1.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator information disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36002",
        "datePublished": "2025-10-16T14:54:53.914Z",
        "dateReserved": "2025-04-15T21:16:05.532Z",
        "dateUpdated": "2025-10-25T02:02:53.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2667 (GCVE-0-2025-2667)

    Vulnerability from cvelistv5 – Published: 2025-09-04 14:45 – Updated: 2025-09-04 15:06
    VLAI
    Title
    IBM Sterling B2B Integrator information disclosure
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244021 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2667",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T15:04:59.460230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T15:06:16.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T14:45:23.819Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244021"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2667",
        "datePublished": "2025-09-04T14:45:23.819Z",
        "dateReserved": "2025-03-22T13:41:32.620Z",
        "dateUpdated": "2025-09-04T15:06:16.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2694 (GCVE-0-2025-2694)

    Vulnerability from cvelistv5 – Published: 2025-09-04 14:43 – Updated: 2025-09-04 15:02
    VLAI
    Title
    IBM Sterling B2B Integrator cross-site scripting
    Summary
    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7244023 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7_1 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2694",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T14:59:45.837788Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T15:02:53.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7_1",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ],
              "value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-04T14:43:26.848Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7244023"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator cross-site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2694",
        "datePublished": "2025-09-04T14:43:26.848Z",
        "dateReserved": "2025-03-23T14:38:43.348Z",
        "dateUpdated": "2025-09-04T15:02:53.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2988 (GCVE-0-2025-2988)

    Vulnerability from cvelistv5 – Published: 2025-08-19 19:15 – Updated: 2025-08-19 19:35
    VLAI
    Title
    IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
    Summary
    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7242391 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Sterling B2B Integrator Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    IBM Sterling File Gateway Affected: 6.0.0.0 , ≤ 6.1.2.7 (semver)
    Affected: 6.2.0.0 , ≤ 6.2.0.4 (semver)
    Affected: 6.2.1.0
        cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2988",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-19T19:32:38.788840Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-19T19:35:55.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling B2B Integrator",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Sterling File Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.2.7",
                  "status": "affected",
                  "version": "6.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.0.4",
                  "status": "affected",
                  "version": "6.2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "6.2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
                }
              ],
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-19T19:15:58.525Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7242391"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4, 6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2988",
        "datePublished": "2025-08-19T19:15:58.525Z",
        "dateReserved": "2025-03-30T12:39:19.574Z",
        "dateUpdated": "2025-08-19T19:35:55.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }