CVE-2025-2988

CWE-4973 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 90.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator IBM Sterling File Gateway

Timeline

PublishedAug 19

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages4 packages

▶NVDibm/sterling_file_gateway6.0.0.0 — 6.1.2.7_1+2

▶CVEListV5ibm/sterling_file_gateway6.0.0.0 — 6.1.2.7+2

▶NVDibm/sterling_b2b_integrator6.0.0.0 — 6.1.2.7_1+2

▶CVEListV5ibm/sterling_b2b_integrator6.0.0.0 — 6.1.2.7+2

🔴Vulnerability Details

CVEList

IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure↗2025-08-19

▶

GHSA

GHSA-48wm-29g7-w3qw: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6↗2025-08-19

▶