IBM Sterling B2B Intgr. 6.2.x Credential Exposure
CVE-2025-36002 Published on October 16, 2025

IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-36002 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Types

Password in Configuration File

The software stores a password in a configuration file that might be accessible to actors who do not know the password. This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.

Unprotected Storage of Credentials

Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource.


Products Associated with CVE-2025-36002

stack.watch emails you whenever new vulnerabilities are published in IBM Sterling B2b Integrator or IBM Sterling File Gateway. Just hit a watch button to start following.

IBM Sterling B2b Integrator
 
IBM Sterling File Gateway
 

Affected Versions

IBM Sterling B2B Integrator: IBM Sterling File Gateway:

Exploit Probability

EPSS
0.02%
Percentile
4.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.