5.5
CVE-2025-36002
- EPSS 0.01%
- Veröffentlicht 16.10.2025 14:54:53
- Zuletzt bearbeitet 25.10.2025 02:15:39
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling B2b Integrator Version >= 6.2.0.0 < 6.2.0.5_1
Ibm ≫ Sterling B2b Integrator Version6.2.1.0
Ibm ≫ Sterling File Gateway Version >= 6.2.0.0 < 6.2.0.5_1
Ibm ≫ Sterling File Gateway Version6.2.1.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.018 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-256 Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-260 Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.