CVE-2025-36134
IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
In short
IBM Sterling B2B Integrator and File Gateway have a cookie security flaw that could expose sensitive information. A sensitive cookie is issued with a missing or insecure SameSite attribute, so in certain cross-site scenarios attackers can access data they shouldn't.
Technical detail
The affected versions (6.0.0.0-6.1.2.7, 6.2.0.0-6.2.0.5, 6.2.1.1) set a sensitive cookie with a missing or insecure SameSite attribute, enabling potential cross-site request forgery (CSRF) or cross-site script inclusion attacks to leak session data. Exploitation requires user interaction in a cross-site context.
Summary generated and translated by AI from the official description.
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
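One way to check response headers for the condition described above, as an added example (not IBM's code and not part of the official description): the Python below parses Set-Cookie values and reports a missing or insecure SameSite attribute. The cookie name and header values are constructed, since the advisory does not name the affected cookie.

```python
# Added example: audit Set-Cookie header values for a missing or insecure
# SameSite attribute. Cookie names and values are constructed samples.

VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def samesite_findings(header):
    """Return SameSite problems for one Set-Cookie value (empty list = OK)."""
    name, attrs = parse_set_cookie(header)
    if "samesite" not in attrs:
        return [f"{name}: SameSite missing (browser default applies)"]
    value = attrs["samesite"].lower()
    if value not in VALID_SAMESITE:
        return [f"{name}: SameSite value {value!r} is not recognized"]
    if value == "none":
        if "secure" not in attrs:
            return [f"{name}: SameSite=None without Secure"]
        return [f"{name}: SameSite=None sends the cookie on cross-site requests"]
    return []

# Constructed sample Set-Cookie values (hypothetical cookie name)
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure",
    "SESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
    "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        for finding in samesite_findings(h) or ["OK: " + h]:
            print(finding)
```

Run it over Set-Cookie values captured from your own deployment before and after applying the vendor fix to confirm the attribute is present.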