CVE-2025-36002

📊 5.5 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 16, 2025

📋 Status: Modified

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

7 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	ibm	sterling b2b integrator	≥ 6.2.0.0 ∧ < 6.2.0.5_1	Vulnerable	cpe:2.3:a:ibm:sterling_b2b_integrator::::::::
📱App	ibm	sterling b2b integrator	6.2.1.0	Vulnerable	cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:::::::*
📱App	ibm	sterling file gateway	≥ 6.2.0.0 ∧ < 6.2.0.5_1	Vulnerable	cpe:2.3:a:ibm:sterling_file_gateway::::::::
📱App	ibm	sterling file gateway	6.2.1.0	Vulnerable	cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:::::::*
💻OS	ibm	aix	All versions	Not Vulnerable	cpe:2.3:o:ibm:aix:-:::::::*
💻OS	linux	linux kernel	All versions	Not Vulnerable	cpe:2.3:o:linux:linux_kernel:-:::::::*
💻OS	microsoft	windows	All versions	Not Vulnerable	cpe:2.3:o:microsoft:windows:-:::::::*

📱

ibm / sterling b2b integrator

Application

Vulnerable

Version: ≥ 6.2.0.0 ∧ < 6.2.0.5_1

CPE:

cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*

📱

ibm / sterling b2b integrator

Application

Vulnerable

Version: 6.2.1.0

CPE:

cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*

📱

ibm / sterling file gateway

Application

Vulnerable

Version: ≥ 6.2.0.0 ∧ < 6.2.0.5_1

CPE:

cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*

📱

ibm / sterling file gateway

Application

Vulnerable

Version: 6.2.1.0

CPE:

cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*

💻

ibm / aix

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*

💻

linux / linux kernel

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

💻

microsoft / windows

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

7 products•scroll for more

Metrics

5.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

NONE

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

5.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)1.1th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 16, 2025 (15 days ago)

Last Modified

Oct 25, 2025 (7 days ago)

Security Weaknesses2

CWE-260CWE-256

References2

NVDgeneral