LOW🇵🇱 Wersja polska

CVE-2025-36134

CVSS 3.7v3.1pub. 2025-11-25upd. 2025-12-01

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • IBM Sterling B2b Integrator

    APP
    Ibm
    6.2.1.16.0.0.0 – 6.1.2.7_2 (bez)6.2.0.0 – 6.2.0.5_1 (bez)
  • IBM Sterling File Gateway

    APP
    Ibm
    6.2.1.16.0.0.0 – 6.1.2.7_2 (bez)6.2.0.0 – 6.2.0.5_1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-7450CRITICAL9.8⚠ KEVten sam produkt

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and m...

CVE-2021-39085CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...

CVE-2021-29903CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote ...

CVE-2021-29798CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote ...

CVE-2025-14031HIGH7.5ten sam produkt

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0...