CVE-2025-36112 (GCVE-0-2025-36112)
Vulnerability from cvelistv5
Published
2025-11-24 18:25
Modified
2025-11-24 18:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
References
Impacted products
Vendor Product Version
IBM Sterling B2B Integrator Version: 6.0.0.0    6.1.2.7
Version: 6.2.0.0    6.2.0.5
Version: 6.2.1.1
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
 Create a notification for this product.
   IBM Sterling File Gateway Version: 6.0.0.0    6.1.2.7
Version: 6.2.0.0    6.2.0.5
Version: 6.2.1.1
    cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T18:58:11.252178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T18:58:40.859Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Sterling B2B Integrator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "6.1.2.7",
              "status": "affected",
              "version": "6.0.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.0.5",
              "status": "affected",
              "version": "6.2.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.2.1.1"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Sterling File Gateway",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "6.1.2.7",
              "status": "affected",
              "version": "6.0.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.0.5",
              "status": "affected",
              "version": "6.2.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.2.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould reveal sensitive server IP configuration information to an unauthorized user.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T18:25:03.423Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7252197"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e \u003cbr\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48308Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48308Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48308Apply B2Bi 6.2.1.1_1\n \nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36112",
    "datePublished": "2025-11-24T18:25:03.423Z",
    "dateReserved": "2025-04-15T21:16:17.123Z",
    "dateUpdated": "2025-11-24T18:58:40.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-36112\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-11-24T19:15:48.283\",\"lastModified\":\"2025-11-25T22:16:16.690\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-497\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7252197\",\"source\":\"psirt@us.ibm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36112\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-24T18:58:11.252178Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-24T18:58:34.168Z\"}}], \"cna\": {\"title\": \"IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Sterling B2B Integrator\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.2.7\"}, {\"status\": \"affected\", \"version\": \"6.2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.0.5\"}, {\"status\": \"affected\", \"version\": \"6.2.1.1\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Sterling File Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.2.7\"}, {\"status\": \"affected\", \"version\": \"6.2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.2.0.5\"}, {\"status\": \"affected\", \"version\": \"6.2.1.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48308Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48308Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48308Apply B2Bi 6.2.1.1_1\\n \\nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on  Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \\n\\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e \u003cbr\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\\\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7252197\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\\u00a0could reveal sensitive server IP configuration information to an unauthorized user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecould reveal sensitive server IP configuration information to an unauthorized user.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-497\", \"description\": \"CWE-497\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-11-24T18:25:03.423Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-36112\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-24T18:58:40.859Z\", \"dateReserved\": \"2025-04-15T21:16:17.123Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-11-24T18:25:03.423Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.