SecuriTricks - CVE-2025-36348

Description

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.

Product(s) Impacted

Vendor	Product	Versions
Ibm	Sterling B2b Integrator Sterling File Gateway	6.1.0.0-6.1.2.7_2, 6.2.0.0-6.2.0.5, 6.2.1.0-6.2.1.1 6.1.0.0-6.1.2.7_2, 6.2.0.0-6.2.0.5, 6.2.1.0-6.2.1.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	ibm	sterling_b2b_integrator	6.1.0.0-6.1.2.7_2	/	/	/	/	/	/	/
a	ibm	sterling_b2b_integrator	6.2.0.0-6.2.0.5	/	/	/	/	/	/	/
a	ibm	sterling_b2b_integrator	6.2.1.0-6.2.1.1	/	/	/	/	/	/	/
a	ibm	sterling_file_gateway	6.1.0.0-6.1.2.7_2	/	/	/	/	/	/	/
a	ibm	sterling_file_gateway	6.2.0.0-6.2.0.5	/	/	/	/	/	/	/
a	ibm	sterling_file_gateway	6.2.1.0-6.2.1.1	/	/	/	/	/	/	/

References

https://www.ibm.com/support/pages/node/7259769

CVSS Score

4.9 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

View Vector String

Timeline

Published: Feb. 17, 2026, 10:18 p.m.
Last Modified: Feb. 18, 2026, 5:51 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2025-36348