CVE-2025-36002
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-25
Assigner: IBM Corporation
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | sterling_b2b_integrator | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_b2b_integrator | 6.2.1.0 |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_file_gateway | 6.2.1.0 |
| ibm | aix | * |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-260 | The product stores a password in a configuration file that might be accessible to actors who do not know the password. |
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the specified versions of IBM Sterling B2B Integrator and IBM Sterling File Gateway, which store user credentials in configuration files that can be read by a local user. Someone with local access to the system can therefore potentially read sensitive credential information that is stored insecurely.
How can this vulnerability impact me?
The impact of this vulnerability is that a local user could read stored user credentials from configuration files, potentially leading to unauthorized access to systems or data. This could compromise confidentiality but does not directly affect integrity or availability.