7.5
CVE-2025-36134
- EPSS 0.03%
- Veröffentlicht 25.11.2025 14:40:55
- Zuletzt bearbeitet 01.12.2025 15:05:10
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling B2b Integrator Version >= 6.0.0.0 < 6.1.2.7_2
Ibm ≫ Sterling B2b Integrator Version >= 6.2.0.0 < 6.2.0.5_1
Ibm ≫ Sterling B2b Integrator Version6.2.1.1
Ibm ≫ Sterling File Gateway Version >= 6.0.0.0 < 6.1.2.7_2
Ibm ≫ Sterling File Gateway Version >= 6.2.0.0 < 6.2.0.5_1
Ibm ≫ Sterling File Gateway Version6.2.1.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.071 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-1275 Sensitive Cookie with Improper SameSite Attribute
The SameSite attribute for sensitive cookies is not set, or an insecure value is used.