Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
Published: 2026-03-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are affected. A specially crafted request sent by an unauthenticated attacker can cause the application to crash, resulting in a denial of service. This vulnerability is associated with CWE-77, indicating a potential command injection or related weakness that leads to application termination, compromising availability.

Affected Systems

Affected vendors: IBM. Products: Sterling B2B Integrator and Sterling File Gateway. Affected versions are 6.1.0.0-6.1.2.7_2, 6.2.0.0-6.2.0.5_1, 6.2.1.0-6.2.1.1_1, and 6.2.2.0. The CPE list confirms these product ranges.

Risk and Exploitability

Credible risk: CVSS score 7.5 indicates high severity, but EPSS score is <1% so exploitation likelihood is currently low. The vulnerability is not listed in the CISA KEV catalog. Attack vector is likely over the network to the application, with no authentication required. If exploited, the service would become unavailable, impacting business processes that depend on B2B integration.

Generated by OpenCVE AI on March 19, 2026 at 15:31 UTC.

Remediation

Vendor Solution

Remediation/Fixes

| Product | Version | APAR | Remediation & Fix |
|---|---|---|---|
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.7_2 | IT48828 | Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.0.0 - 6.2.0.5_1 | IT48828 | Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.1.0 - 6.2.1.1_1 | IT48828 | Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.2.0 | IT48828 | Apply B2Bi 6.2.2.0_1 |

The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central. The container versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.


OpenCVE Recommended Actions

  • Apply the IBM APAR remediation and fix by upgrading to the following versions: B2Bi 6.2.2.0_1 for 6.2.2.0, B2Bi 6.2.1.1_2 for 6.2.1.0-6.2.1.1_1, B2Bi 6.2.0.5_2 for 6.2.0.0-6.2.0.5_1, and B2Bi 6.1.2.8 for 6.1.0.0-6.1.2.7_2.
  • If immediate patching is not possible, restrict network access to the Sterling B2B Integrator and File Gateway interfaces to prevent unauthenticated requests, or apply firewall rules to mitigate.
  • Verify that the latest IIM and container versions (e.g., 6.2.2.0_1) are installed, which can be retrieved from Fix Central or the IBM Entitled Registry.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm sterling File Gateway
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm sterling File Gateway

Wed, 18 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 23:00:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
Title IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-77
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-18T20:15:38.036Z

Reserved: 2025-12-04T14:47:49.654Z

Link: CVE-2025-14031

Vulnrichment

Updated: 2026-03-18T20:15:34.472Z

NVD

Status: Analyzed

Published: 2026-03-17T23:16:15.863

Modified: 2026-03-19T14:20:15.870

Link: CVE-2025-14031

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:27Z

Weaknesses