CVE-2025-14031 (GCVE-0-2025-14031)

Vulnerability from cvelistv5 – Published: 2026-03-17 22:41 – Updated: 2026-03-17 22:41
VLAI?
Title
IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service
Summary
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Sterling B2B Integrator Affected: 6.1.0.0 , ≤ 6.1.2.7_2 (semver)
Affected: 6.2.0.0 , ≤ 6.2.0.5_1 (semver)
Affected: 6.2.1.0 , ≤ 6.2.1.1_1 (semver)
Affected: 6.2.2.0
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
          ],
          "product": "Sterling B2B Integrator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "6.1.2.7_2",
              "status": "affected",
              "version": "6.1.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.0.5_1",
              "status": "affected",
              "version": "6.2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.1.1_1",
              "status": "affected",
              "version": "6.2.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.2.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Sterling B2B Integrator and\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM Sterling B2B Integrator and\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-17T22:41:41.536Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7266520"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
        }
      ],
      "title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-14031",
    "datePublished": "2026-03-17T22:41:41.536Z",
    "dateReserved": "2025-12-04T14:47:49.654Z",
    "dateUpdated": "2026-03-17T22:41:41.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-14031\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-03-17T23:16:15.863\",\"lastModified\":\"2026-03-18T14:52:44.227\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Sterling B2B Integrator and\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.\"},{\"lang\":\"es\",\"value\":\"IBM Sterling B2B Integrator e IBM Sterling File Gateway 6.1.0.0 hasta 6.1.2.7_2, 6.2.0.0 hasta 6.2.0.5_1, 6.2.1.0 hasta 6.2.1.1_1, y 6.2.2.0 podr\u00edan permitir a un atacante no autenticado enviar una solicitud especialmente dise\u00f1ada que provoca que la aplicaci\u00f3n se bloquee.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7266520\",\"source\":\"psirt@us.ibm.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.