IBM Sterling B2B Integrator and IBM Sterling File Gateway are...

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Basic Information

ID CVE-2025-36135

Source ibm

Published Nov 7, 2025 at 18:26

Modified Nov 7, 2025 at 18:47

Affected Product

Vendor IBM

Product Sterling B2B Integrator

Version 6.0.0.0

Affected Versions IBM Sterling B2B Integrator 6.0.0.0
IBM Sterling B2B Integrator 6.2.0.0
IBM Sterling B2B Integrator 6.2.1.0
IBM Sterling File Gateway 6.0.0.0
IBM Sterling File Gateway 6.2.0.0
IBM Sterling File Gateway 6.2.1.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7250509

{
    "lastseen": "",
    "description": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
    "published": "2025-11-07T18:26:57.845Z",
    "modified": "2025-11-07T18:47:27.813Z",
    "type": "cve",
    "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7250509",
    "id": "CVE-2025-36135",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Sterling B2B Integrator 6.0.0.0\nIBM Sterling B2B Integrator 6.2.0.0\nIBM Sterling B2B Integrator 6.2.1.0\nIBM Sterling File Gateway 6.0.0.0\nIBM Sterling File Gateway 6.2.0.0\nIBM Sterling File Gateway 6.2.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sterling B2B Integrator",
    "version": "6.0.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting_CVE-2025-36135