CVE-2025-36368 MEDIUM

CVE-2025-36368: IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection

Vendor Ibm
Product Sterling B2B Integrator
Weakness CWE-89 · SQLi
Published March 13, 2026
Last update March 16, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Key dates

02Disclosure timeline

March 13, 2026 CVE published
March 16, 2026 Record updated