CVE-2025-1348

CWE-5253 documents3 sources
Severity
4.0MEDIUM
EPSS
0.1%
top 79.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling B2B IntegratorIBM Sterling File Gateway
Timeline
PublishedJun 18

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

NVDibm/sterling_file_gateway6.0.0.06.1.2.7+1
NVDibm/sterling_b2b_integrator6.0.0.06.1.2.7+1
CVEListV5ibm/sterling_b2b_integrator6.0.0.06.1.2.6+1

🔴Vulnerability Details

2
GHSA
GHSA-gprj-976f-w257: IBM Sterling B2B Integrator and IBM Sterling File Gateway 62025-06-18
CVEList
IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure2025-06-18
CVE-2025-1348 (MEDIUM CVSS 4) | IBM Sterling B2B Integrator and IBM | cvebase.io