{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2988", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-30T12:39:19.574Z", "datePublished": "2025-08-19T19:15:58.525Z", "dateUpdated": "2025-08-19T19:35:55.065Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Sterling B2B Integrator", "vendor": "IBM", "versions": [{"lessThanOrEqual": "6.1.2.7", "status": "affected", "version": "6.0.0.0", "versionType": "semver"}, {"lessThanOrEqual": "6.2.0.4", "status": "affected", "version": "6.2.0.0", "versionType": "semver"}, {"status": "affected", "version": "6.2.1.0"}]}, {"cpes": ["cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Sterling File Gateway", "vendor": "IBM", "versions": [{"lessThanOrEqual": "6.1.2.7", "status": "affected", "version": "6.0.0.0", "versionType": "semver"}, {"lessThanOrEqual": "6.2.0.4", "status": "affected", "version": "6.2.0.0", "versionType": "semver"}, {"status": "affected", "version": "6.2.1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."}], "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-19T19:15:58.525Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7242391"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td>Product</td><td>Version</td><td>APAR</td><td>Remediation &amp; Fix</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.0.0.0 - 6.1.2.7</td><td>IT48437</td><td>Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.2.0.0 - 6.2.0.4, 6.2.1.0</td><td>IT48437</td><td>Apply B2Bi 6.2.0.5 or 6.2.1.1</td></tr></tbody></table>\n\n<br>"}], "value": "ProductVersionAPARRemediation & FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-19T19:32:38.788840Z", "id": "CVE-2025-2988", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T19:35:55.065Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-19T19:32:38.788840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T19:35:50.284Z"}}], "cna": {"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Sterling B2B Integrator", "versions": [{"status": "affected", "version": "6.0.0.0", "versionType": "semver", "lessThanOrEqual": "6.1.2.7"}, {"status": "affected", "version": "6.2.0.0", "versionType": "semver", "lessThanOrEqual": "6.2.0.4"}, {"status": "affected", "version": "6.2.1.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Sterling File Gateway", "versions": [{"status": "affected", "version": "6.0.0.0", "versionType": "semver", "lessThanOrEqual": "6.1.2.7"}, {"status": "affected", "version": "6.2.0.0", "versionType": "semver", "lessThanOrEqual": "6.2.0.4"}, {"status": "affected", "version": "6.2.1.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "ProductVersionAPARRemediation & FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>Product</td><td>Version</td><td>APAR</td><td>Remediation &amp; Fix</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.0.0.0 - 6.1.2.7</td><td>IT48437</td><td>Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.2.0.0 - 6.2.0.4, 6.2.1.0</td><td>IT48437</td><td>Apply B2Bi 6.2.0.5 or 6.2.1.1</td></tr></tbody></table>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7242391", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.", "supportingMedia": [{"type": "text/html", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-19T19:15:58.525Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2988", "state": "PUBLISHED", "dateUpdated": "2025-08-19T19:35:55.065Z", "dateReserved": "2025-03-30T12:39:19.574Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-08-19T19:15:58.525Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "37937096-E57B-4D48-8E67-46DFF9658742", "versionEndExcluding": "6.1.2.7_1", "versionStartIncluding": "6.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E55109D2-2529-48AB-9C88-C216C9B9E63C", "versionEndExcluding": "6.2.0.5", "versionStartIncluding": "6.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5071FDDF-398F-4214-B8DD-93ED55F0808F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAE0FFB5-51B7-4D89-8AA5-BC60A848AEE4", "versionEndExcluding": "6.1.2.7_1", "versionStartIncluding": "6.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A1DFAD-FD8B-4BA3-AC05-645E53676463", "versionEndExcluding": "6.2.0.5", "versionStartIncluding": "6.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5074FA1-0FC6-486B-BCBE-A7BA6E9155D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."}, {"lang": "es", "value": "IBM Sterling B2B Integrator e IBM Sterling File Gateway 6.0.0.0 a 6.1.2.7, 6.2.0.0 a 6.2.0.4 y 6.2.1.0 podr\u00edan revelar informaci\u00f3n confidencial del servidor a un usuario no autorizado, lo que podr\u00eda contribuir a futuros ataques contra el sistema."}], "id": "CVE-2025-2988", "lastModified": "2025-09-17T17:56:23.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-19T20:15:30.757", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7242391"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}