CVE-2025-2988

Summary

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMSterling B2B Integrator6.0.0.0 <= 6.1.2.7affected
IBMSterling B2B Integrator6.2.0.0 <= 6.2.0.4affected
IBMSterling B2B Integrator6.2.1.0affected
IBMSterling File Gateway6.0.0.0 <= 6.1.2.7affected
IBMSterling File Gateway6.2.0.0 <= 6.2.0.4affected
IBMSterling File Gateway6.2.1.0affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References