CVE-2025-36002

CWE-260CWE-2563 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 98.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling B2B IntegratorIBM Sterling File Gateway
Timeline
PublishedOct 16

Description

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDibm/sterling_file_gateway6.2.0.06.2.0.5_1+1
CVEListV5ibm/sterling_file_gateway6.2.0.06.2.0.5+1
NVDibm/sterling_b2b_integrator6.2.0.06.2.0.5_1+1
CVEListV5ibm/sterling_b2b_integrator6.2.0.06.2.0.5+1

🔴Vulnerability Details

2
GHSA
GHSA-mvvr-m63m-hj6g: IBM Sterling B2B Integrator 62025-10-16
CVEList
IBM Sterling B2B Integrator information disclosure2025-10-16
CVE-2025-36002 (MEDIUM CVSS 5.5) | IBM Sterling B2B Integrator 6.2.0.0 | cvebase.io