CVE-2025-36134

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-36134

CWE

https://cwe.mitre.org/data/definitions/1275.html

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.

Weakness

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

Affected Software

Name	Vendor	Start Version	End Version
Sterling_b2b_integrator	Ibm	6.0.0.0 (including)	6.1.2.7_2 (excluding)
Sterling_b2b_integrator	Ibm	6.2.0.0 (including)	6.2.0.5_1 (excluding)
Sterling_b2b_integrator	Ibm	6.2.1.1 (including)	6.2.1.1 (including)
Sterling_file_gateway	Ibm	6.0.0.0 (including)	6.1.2.7_2 (excluding)
Sterling_file_gateway	Ibm	6.2.0.0 (including)	6.2.0.5_1 (excluding)
Sterling_file_gateway	Ibm	6.2.1.1 (including)	6.2.1.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/62.html

References

https://www.ibm.com/support/pages/node/7252210

Sensitive Cookie with Improper SameSite Attribute

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References