CVE-2025-36368

MEDIUM

IBM Sterling B2B Integrator 6.1.0.0-6.1.2.7_2 - SQL Injection

Title source: llm
STIX 2.1

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

References (1)

Core 1
Core References
Various Sources vendor-advisory patch
https://www.ibm.com/support/pages/node/7263324

Scores

CVSS v3 6.5
EPSS 0.0003
EPSS Percentile 9.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (5)
IBM/Sterling B2B Integrator 6.1.0.0 - 6.1.2.7_2
IBM/Sterling B2B Integrator 6.2.0.0 - 6.2.0.5_1
IBM/Sterling B2B Integrator 6.2.1.0 - 6.2.1.1_1
ibm/sterling_b2b_integrator 6.1.0.0 - 6.1.2.8
ibm/sterling_file_gateway 6.1.0.0 - 6.1.2.8
Published Mar 13, 2026
Tracked Since Mar 14, 2026