CVE-2025-14483
Information Disclosure Vulnerability in IBM Sterling B2B Integrator
Publication date: 2026-03-13
Last updated on: 2026-03-20
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | sterling_b2b_integrator | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_file_gateway | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.0.0 (inc) to 6.2.0.5_2 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.1.0 (inc) to 6.2.1.1_2 (exc) |
| ibm | sterling_b2b_integrator | 6.2.2.0 |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5_2 (exc) |
| ibm | sterling_file_gateway | From 6.2.1.0 (inc) to 6.2.1.1_2 (exc) |
| ibm | sterling_file_gateway | 6.2.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability, identified as CVE-2025-14483, affects IBM Sterling B2B Integrator and IBM Sterling File Gateway. It allows authenticated users to obtain sensitive host information through system responses. This information disclosure could be exploited in subsequent attacks against the system.
The issue is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data) and has a CVSS v3.1 base score of 4.3, indicating a network attack vector with low attack complexity, requiring low privileges, no user interaction, and resulting in low confidentiality impact without affecting integrity or availability.
How can this vulnerability impact me?
The vulnerability can impact you by allowing authenticated users to access sensitive host information that should not be disclosed. This information leakage can be used by attackers to plan and execute further attacks against your system.
Although the confidentiality impact is rated as low, the disclosed information could still aid attackers in compromising the system or escalating their privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the APAR IT48832 and upgrading affected IBM Sterling B2B Integrator and IBM Sterling File Gateway versions to the fixed versions.
- For versions 6.1.0.0 through 6.1.2.7_2: upgrade to 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1.
- For versions 6.2.0.0 through 6.2.0.5_1: upgrade to 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1.
- For versions 6.2.1.0 through 6.2.1.1_1: upgrade to 6.2.1.1_2 or 6.2.2.0_1.
- For version 6.2.2.0: upgrade to 6.2.2.0_1.
No workarounds or alternative mitigations are provided, so upgrading is the recommended course of action.
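The affected ranges and upgrade targets above can be checked against an inventory of installed versions. The following is an added example, not code from IBM or from this page; the function names are hypothetical, and it assumes the `_N` suffix is a numeric build level that sorts after the unsuffixed version.

```python
import re

# (first affected, first fixed) pairs from the page's table and upgrade list;
# IBM Sterling B2B Integrator and Sterling File Gateway share the same ranges.
AFFECTED = [
    ("6.1.0.0", "6.1.2.8"),
    ("6.2.0.0", "6.2.0.5_2"),
    ("6.2.1.0", "6.2.1.1_2"),
    ("6.2.2.0", "6.2.2.0_1"),  # table lists only 6.2.2.0 itself as affected
]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Turn 'a.b.c.d' or 'a.b.c.d_N' into a comparable 5-tuple of ints.

    Assumption: a missing '_N' suffix sorts as 0, i.e. before any '_N' build.
    """
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def check_version(installed):
    """Return (in_affected_range, upgrade_targets) for an installed version.

    upgrade_targets mirrors the page's list: the fix for the installed stream
    plus the fixes for every later stream. Versions outside the listed ranges
    return (False, []); the page says nothing more about them.
    """
    v = parse_version(installed)
    for i, (first, fixed) in enumerate(AFFECTED):
        if parse_version(first) <= v < parse_version(fixed):
            return True, [fix for _, fix in AFFECTED[i:]]
    return False, []


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real deployment.
    for version in ["6.1.2.7_2", "6.2.0.5_1", "6.2.0.5_2", "6.2.2.0", "6.2.2.0_1"]:
        affected, targets = check_version(version)
        print(f"{version:<10} affected={affected} upgrade_to={targets}")
```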