CVE-2025-36134
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-01
Assigner: IBM Corporation
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | sterling_b2b_integrator | From 6.0.0.0 (inc) to 6.1.2.7_2 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_b2b_integrator | 6.2.1.1 |
| ibm | sterling_file_gateway | From 6.0.0.0 (inc) to 6.1.2.7_2 (exc) |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_file_gateway | 6.2.1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1275 | The SameSite attribute for sensitive cookies is not set, or an insecure value is used. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.5, and 6.2.1.1 involves the potential disclosure of sensitive information due to a missing or insecure SameSite attribute on a sensitive cookie. The SameSite attribute controls whether cookies are sent with cross-site requests; if it is missing or set to an insecure value, cookie data can be exposed unintentionally.
How can this vulnerability impact me?
The vulnerability can lead to the disclosure of sensitive information through cookies, which may be exploited by attackers to gain unauthorized access or perform cross-site request forgery (CSRF) attacks. However, the CVSS base score of 3.7 indicates a low severity impact, with limited confidentiality impact and no integrity or availability impact.
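The CWE-1275 condition described above can be checked on any response by inspecting its `Set-Cookie` headers. The following is an added example, not code from IBM or from this page; the cookie names, header values and the name-based "sensitive" heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for CWE-1275 conditions
# (SameSite missing, unrecognized, or None). Sample data is constructed.

SENSITIVE_HINTS = ("session", "sid", "token", "auth")  # assumption: naming heuristic

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_cookie(header):
    """Return (cookie name, list of SameSite findings) for one header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("SameSite missing (browser default applies)")
    elif samesite.lower() not in ("strict", "lax", "none"):
        findings.append(f"SameSite has unrecognized value {samesite!r}")
    elif samesite.lower() == "none":
        findings.append("SameSite=None: cookie is sent on cross-site requests")
        if "secure" not in attrs:
            findings.append("SameSite=None without Secure")
    return name, findings

def audit_response(set_cookie_headers, sensitive_only=True):
    """Map cookie name -> findings, optionally limited to sensitive-looking names."""
    report = {}
    for header in set_cookie_headers:
        name, findings = audit_cookie(header)
        sensitive = any(h in name.lower() for h in SENSITIVE_HINTS)
        if findings and (sensitive or not sensitive_only):
            report[name] = findings
    return report

SAMPLE_HEADERS = [  # constructed sample input
    "JSESSIONID=abc123; Path=/; HttpOnly; Secure",
    "authToken=xyz; Path=/; Secure; SameSite=None",
    "sid=1; Path=/; SameSite=None",
    "SESSION_OK=ok; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "->", "; ".join(issues))
```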