CVE-2025-36002

Summary

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.

Affected Software

VendorProductVersion RangeStatus
IBMSterling B2B Integrator6.2.0.0 <= 6.2.0.5affected
IBMSterling B2B Integrator6.2.1.0affected
IBMSterling File Gateway6.2.0.0 <= 6.2.0.5affected
IBMSterling File Gateway6.2.1.0affected

Weaknesses

  • CWE-260: CWE-260 Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References