
CVE-2025-36368

Severity: Medium
Published: 13 March 2026
Modified: 20 March 2026
KEV added: none (not listed in the CISA KEV catalog)
CVSS v3.1 score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
EPSS score: 0.0003 (9.5th percentile)
Risk priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-36368 is a medium-severity SQL injection (CWE-89) vulnerability in IBM Sterling B2B Integrator. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 9.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-36368 is a SQL injection vulnerability (CWE-89) affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway in versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1. Published on 2026-03-13, it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N), indicating medium severity with high confidentiality and integrity impacts but no availability disruption.

The vulnerability can be exploited over the network with low complexity by an authenticated administrative user (PR:H) who sends specially crafted SQL statements. Successful exploitation enables the attacker to view, add, modify, or delete sensitive information in the back-end database, potentially leading to unauthorized data manipulation or exposure.

IBM's security advisory provides details on mitigation and patching; practitioners should consult https://www.ibm.com/support/pages/node/7263324 for fix information and recommended actions specific to affected versions.


Vulnerability details

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Data from Information Repositories: Databases (Collection): Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in a network-exposed B2B application directly enables T1190 (Exploit Public-Facing Application) for initial exploitation by an authenticated admin; successful queries allow unauthorized access/modification of backend database contents, mapping to T1213.006 (Data from Information Repositories: Databases).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1264: same product (IBM Sterling B2B Integrator)
CVE-2025-14031: same product (IBM Sterling B2B Integrator)
CVE-2023-50316: same product (IBM Sterling B2B Integrator)
CVE-2025-13379: same vendor (IBM)
CVE-2024-35148: same vendor (IBM)
CVE-2026-24782: same product class (managed file transfer)
CVE-2024-31903: same product (IBM Sterling B2B Integrator)
CVE-2025-13214: same vendor (IBM)
CVE-2023-34362: same product class (managed file transfer)
CVE-2023-38739: same product (IBM Sterling B2B Integrator)

Affected Assets

IBM Sterling B2B Integrator: 6.1.0.0 to 6.1.2.8; 6.2.0.0 to 6.2.0.5_2; 6.2.1.0 to 6.2.1.1_2
IBM Sterling File Gateway: 6.1.0.0 to 6.1.2.8; 6.2.0.0 to 6.2.0.5_2; 6.2.1.0 to 6.2.1.1_2

Note that the upper bounds listed here (6.1.2.8, 6.2.0.5_2, 6.2.1.1_2) are higher than the vulnerable ranges quoted in the vulnerability details above (6.1.2.7_2, 6.2.0.5_1, 6.2.1.1_1); confirm the exact affected and fixed versions against IBM's advisory before acting on either list.

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 (Information Input Validation). Directly requires validation of all input (including administrative SQL statements) to reject crafted queries that enable unauthorized database access or modification.

Prevent: AC-6 (Least Privilege). Restricts the database privileges granted to administrative accounts so that even a successful SQL injection yields only the minimal actions needed for B2B/FG operations.

Detect: Monitors for anomalous SQL patterns or unexpected database activity originating from the administrative interface of the affected IBM Sterling components.
