CVE-2025-36134
published 2025-11-25CVE-2025-36134: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | sterling_b2b_integrator | — | — |
| ibm | sterling_b2b_integrator | >= 6.0.0.0 < 6.1.2.7_2 | 6.1.2.7_2 |
| ibm | sterling_b2b_integrator | 6.0.0.0 – 6.1.2.7 | — |
| ibm | sterling_b2b_integrator | >= 6.2.0.0 < 6.2.0.5_1 | 6.2.0.5_1 |
| ibm | sterling_b2b_integrator | 6.2.0.0 – 6.2.0.5 | — |
| ibm | sterling_file_gateway | — | — |
| ibm | sterling_file_gateway | >= 6.0.0.0 < 6.1.2.7_2 | 6.1.2.7_2 |
| ibm | sterling_file_gateway | 6.0.0.0 – 6.1.2.7 | — |
| ibm | sterling_file_gateway | >= 6.2.0.0 < 6.2.0.5_1 | 6.2.0.5_1 |
| ibm | sterling_file_gateway | 6.2.0.0 – 6.2.0.5 | — |