Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive host information disclosure to authenticated users
Action: Patch
AI Analysis

Impact

A flaw in IBM Sterling B2B Integrator and IBM Sterling File Gateway allows an authenticated user to receive responses that expose sensitive host information. The exposed data does not provide direct remote code execution but could enable a malicious actor to gather system details and plan subsequent attacks. This vulnerability is identified as CWE‑201, Information Exposure.

Affected Systems

IBM Sterling B2B Integrator and IBM Sterling File Gateway, specifically versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are affected.

Risk and Exploitability

The CVSS score of 4.3 reflects moderate severity, and the EPSS rating of less than 1% indicates a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attack requires valid authentication to the system; an attacker who gains access can retrieve host data and potentially use it in further attacks, but no direct privilege escalation or code execution is possible at this stage.

Generated by OpenCVE AI on March 20, 2026 at 20:27 UTC.

Remediation

Vendor Solution

Remediation/Fixes Product Version APAR Remediation & Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.

OpenCVE Recommended Actions

  • Upgrade IBM Sterling B2B Integrator and IBM Sterling File Gateway to the latest version. For 6.1.x use B2Bi 6.1.2.8; for 6.2.x use B2Bi 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1 as appropriate for your release track.
  • If using the IIM or container deployments, download the corrected packages from Fix Central or the IBM Entitled Registry and apply them to all affected instances.

Generated by OpenCVE AI on March 20, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm sterling File Gateway
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm sterling File Gateway

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
Title IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-201
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Ibm Sterling B2b Integrator Sterling File Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T19:37:32.919Z

Reserved: 2025-12-10T20:02:45.446Z

Link: CVE-2025-14483

cve-icon Vulnrichment

Updated: 2026-03-13T19:37:28.460Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-13T19:53:49.933

Modified: 2026-03-20T19:19:14.810

Link: CVE-2025-14483

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T13:40:16Z

Weaknesses