Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Published: 2026-03-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Compromise
Action: Apply Patch
AI Analysis

Impact

IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to a SQL injection flaw that permits an administrative user to send crafted SQL statements. This flaw could enable the attacker to read, insert, modify, or delete data in the product’s back‑end database, potentially exposing sensitive business information and corrupting service data.

Affected Systems

Affected products include IBM Sterling B2B Integrator and IBM Sterling File Gateway. Vulnerable versions are 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an administrative account, so an attacker must either compromise privileged credentials or already hold them. If an internal threat is present or the system is exposed, the impact could be significant data loss or tampering. Prompt remediation is recommended to mitigate the risk.

Generated by OpenCVE AI on March 20, 2026 at 16:37 UTC.

Remediation

Vendor Solution

Remediation/Fixes

Product | Version | APAR | Remediation & Fix
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.7_2 | IT48640 | Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.0.0 - 6.2.0.5_1 | IT48640 | Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.1.0 - 6.2.1.1_1 | IT48640 | Apply B2Bi 6.2.1.1_2 or 6.2.2.0

The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central. The container versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry.


OpenCVE Recommended Actions

  • Upgrade IBM Sterling B2B Integrator and IBM Sterling File Gateway to the latest releases (6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0) based on the affected version.
  • If a version upgrade is not immediately possible, apply the IT48640 APAR remediation to the current installation.
  • Verify that the applied fix has been installed correctly and consult IBM Fix Central or the provided support page for additional instructions.



Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ibm sterling File Gateway
CPEs | | cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
Vendors & Products | | Ibm sterling File Gateway

Mon, 16 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 20:00:00 +0000

Type | Values Removed | Values Added
Description | | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Title | | IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection
First Time appeared | | Ibm
 | | Ibm sterling B2b Integrator
Weaknesses | | CWE-89
CPEs | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
 | | cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
Vendors & Products | | Ibm
 | | Ibm sterling B2b Integrator
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-16T13:36:43.574Z

Reserved: 2025-04-15T21:16:55.332Z

Link: CVE-2025-36368

Vulnrichment

Updated: 2026-03-16T13:36:38.906Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:50.813

Modified: 2026-03-20T14:49:15.210

Link: CVE-2025-36368

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:10Z

Weaknesses