CVE-2025-36348

Summary

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.

Affected Software

VendorProductVersion RangeStatus
IBMSterling B2B Integrator6.1.0.0 <= 6.1.2.7_2affected
IBMSterling B2B Integrator6.2.0.0 <= 6.2.0.5affected
IBMSterling B2B Integrator6.2.1.0 <= 6.2.1.1affected
IBMSterling File Gateway6.1.0.0 <= 6.1.2.7_2affected
IBMSterling File Gateway6.2.0.0 <= 6.2.0.5affected
IBMSterling File Gateway6.2.1.0 <= 6.2.1.1affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References