CVE-2025-36348 PUBLISHED

The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure

Assigner: ibm
Reserved: 15.04.2025 Published: 17.02.2026 Updated: 17.02.2026

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Sterling B2B Integrator
Versions	affected from 6.1.0.0 to 6.1.2.7_2 (incl.) affected from 6.2.0.0 to 6.2.0.5 (incl.) affected from 6.2.1.0 to 6.2.1.1 (incl.)

Vendor	IBM
Product	Sterling File Gateway
Versions	affected from 6.1.0.0 to 6.1.2.7_2 (incl.) affected from 6.2.0.0 to 6.2.0.5 (incl.) affected from 6.2.1.0 to 6.2.1.1 (incl.)

Solutions

ProductVersionAPARRemediation & FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48562Apply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48562Apply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1IT48562Apply B2Bi 6.2.1.1_1 or 6.2.2.0

References

https://www.ibm.com/support/pages/node/7259769

Problem Types

CWE-209 Generation of Error Message Containing Sensitive Information CWE