{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2988","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-03-30T12:39:19.574Z","datePublished":"2025-08-19T19:15:58.525Z","dateUpdated":"2025-08-19T19:35:55.065Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Sterling B2B Integrator","vendor":"IBM","versions":[{"lessThanOrEqual":"6.1.2.7","status":"affected","version":"6.0.0.0","versionType":"semver"},{"lessThanOrEqual":"6.2.0.4","status":"affected","version":"6.2.0.0","versionType":"semver"},{"status":"affected","version":"6.2.1.0"}]},{"cpes":["cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Sterling File Gateway","vendor":"IBM","versions":[{"lessThanOrEqual":"6.1.2.7","status":"affected","version":"6.0.0.0","versionType":"semver"},{"lessThanOrEqual":"6.2.0.4","status":"affected","version":"6.2.0.0","versionType":"semver"},{"status":"affected","version":"6.2.1.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."}],"value":"IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-497","description":"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-19T19:15:58.525Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7242391"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<table><tbody><tr><td>Product</td><td>Version</td><td>APAR</td><td>Remediation &amp; Fix</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.0.0.0 - 6.1.2.7</td><td>IT48437</td><td>Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1</td></tr><tr><td>IBM Sterling B2B Integrator and IBM Sterling File Gateway</td><td>6.2.0.0 - 6.2.0.4, 6.2.1.0</td><td>IT48437</td><td>Apply B2Bi 6.2.0.5 or 6.2.1.1</td></tr></tbody></table>\n\n<br>"}],"value":"ProductVersionAPARRemediation & FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-19T19:32:38.788840Z","id":"CVE-2025-2988","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-19T19:35:55.065Z"}}]}}