CVE-2025-36348
Received
Received - Intake
Information Disclosure via Detailed Error Messages in IBM Sterling Integrator
Publication date: 2026-02-17
Last updated on: 2026-02-20
Assigner: IBM Corporation
Description
Description
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1Β may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | sterling_b2b_integrator | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5_1 (exc) |
| ibm | sterling_b2b_integrator | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.1.0 (inc) to 6.2.1.1_1 (exc) |
| ibm | sterling_file_gateway | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_file_gateway | From 6.2.1.0 (inc) to 6.2.1.1_1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
