CVE-2025-36112

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7252197	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_b2b_integrator::::::::
	cpe:2.3:a:ibm:sterling_b2b_integrator::::::::
	cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:::::::*
	cpe:2.3:a:ibm:sterling_file_gateway::::::::
	cpe:2.3:a:ibm:sterling_file_gateway::::::::
	cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:::::::*

History

No history.

Information

Published : 2025-11-24 19:15

Updated : 2025-12-01 16:05

NVD link : CVE-2025-36112

Mitre link : CVE-2025-36112

CVE.ORG link : CVE-2025-36112

JSON object : View

Products Affected

ibm

sterling_file_gateway
sterling_b2b_integrator

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2025-36112", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-11-24T19:15:48.283", "references": [{"url": "https://www.ibm.com/support/pages/node/7252197", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user."}], "lastModified": "2025-12-01T16:05:56.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE818255-FEE2-453A-8230-81986F93954E", "versionEndExcluding": "6.1.2.7_2", "versionStartIncluding": "6.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7BD82C-7A6C-44C3-BE64-FFF75700EED1", "versionEndExcluding": "6.2.0.5_1", "versionStartIncluding": "6.2.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4ACC673-C9A9-4149-821E-5A60603141DD"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2831DF62-E968-4B8F-A4DA-E0752F9B5D9B", "versionEndExcluding": "6.1.2.7_2", "versionStartIncluding": "6.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CF6DF92-A6D4-4FBB-8662-5BE9D814D911", "versionEndExcluding": "6.2.0.5_1", "versionStartIncluding": "6.2.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B08AE6F-BE1D-4353-BD4A-259284624BCB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}