Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
Published: 2026-03-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized deletion and viewing of partner data and communities (remote unauthenticated access).
Action: Apply patch
AI Analysis

Impact

IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to an improper access control flaw (CWE-306). The vulnerability allows a remote unauthenticated attacker to view the partners of a community and delete the partners and the community itself, leading to confidentiality loss, integrity compromise, and potential disruption of business processes.

Affected Systems

Affected products are IBM Sterling B2B Integrator and IBM Sterling File Gateway. Specific vulnerable versions include 6.1.0.0‑6.1.2.7_2, 6.2.0.0‑6.2.0.5_1, 6.2.1.0‑6.2.1.1_1, and 6.2.2.0, as identified in the vendor's product CPE entries.

Risk and Exploitability

The CVSS score is 7.1 (High) and the EPSS score is <1%, indicating a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only remote network access and does not require authentication, making it relatively straightforward for an attacker who can reach the affected system to modify or delete critical partner data.

Generated by OpenCVE AI on March 19, 2026 at 15:31 UTC.

Remediation

Vendor Solution

Remediation/Fixes Product Version APAR Remediation & Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.

OpenCVE Recommended Actions

  • Apply the IBM APAR release IT48934 by upgrading IBM Sterling B2B Integrator to 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1 (or the corresponding IIM or container fixes available on Fix Central or IBM Entitled Registry).
  • Verify the upgrade and monitor the system for unauthorized deletion or changes to partner and community data.

Generated by OpenCVE AI on March 19, 2026 at 15:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm sterling File Gateway
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm sterling File Gateway

Wed, 18 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 23:00:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
Title IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-306
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N'}

Subscriptions

Ibm Sterling B2b Integrator Sterling File Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-18T20:15:57.388Z

Reserved: 2026-01-20T21:20:46.428Z

Link: CVE-2026-1264

cve-icon Vulnrichment

Updated: 2026-03-18T20:15:53.705Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T23:16:17.007

Modified: 2026-03-19T14:20:18.633

Link: CVE-2026-1264

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:27Z

Weaknesses