CVE-2025-36135
IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting
Description
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:RUser InteractionS:CScopeC:LConfidentialityI:LIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2025-36135 and every CVE in our database. Create a free account — no credit card required.
Create Free Account