CVE-2025-36134

CWE-1275 | 3 documents | 3 sources
Severity
7.5 HIGH
EPSS
0.1%
top 83.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 25

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (4 packages)

NVD | ibm/sterling_file_gateway | 6.0.0.0 | 6.1.2.7_2 | +2
CVEListV5 | ibm/sterling_file_gateway | 6.0.0.0 | 6.1.2.7 | +2
NVD | ibm/sterling_b2b_integrator | 6.0.0.0 | 6.1.2.7_2 | +2
CVEListV5 | ibm/sterling_b2b_integrator | 6.0.0.0 | 6.1.2.7 | +2

🔴 Vulnerability Details (2)

GHSA | GHSA-xmfq-xm97-g58p: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6 | 2025-11-25
CVEList | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure | 2025-11-25
CVE-2025-36134 (HIGH CVSS 7.5) | IBM Sterling B2B Integrator and IBM | cvebase.io