CVE-2025-36348 MEDIUM

CVE-2025-36348: The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure

Vendor Ibm
Product Sterling B2B Integrator
Weakness CWE-209 · Error message info leak
Published February 17, 2026
Last update February 18, 2026

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.

Key dates

02Disclosure timeline

February 17, 2026 CVE published
February 18, 2026 Record updated