EUVD-2025-208665

CVE-2025-36368 | MEDIUM 6.5 (CVSS 3.1) | 2026-03-13 | ibm

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Patch Released: Mar 20, 2026 - 14:49 (nvd) - patch available
EUVD ID Assigned: Mar 13, 2026 - 20:00 (euvd) - EUVD-2025-208665
Analysis Generated: Mar 13, 2026 - 20:00 (vuln.today)
CVE Published: Mar 13, 2026 - 19:35 (nvd)

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Analysis

SQL injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway that allows authenticated administrative users to execute arbitrary SQL commands against the backend database. An attacker with admin privileges can view, add, modify, or delete sensitive database information. While requiring high privileges (PR:H), the vulnerability has a CVSS score of 6.5 (Medium) due to high impact on confidentiality and integrity; no active exploitation in the wild or public POC has been reported at this time.

Technical Context

This vulnerability stems from improper input validation in SQL query construction (CWE-89: Improper Neutralization of Special Elements used in an SQL Command). The affected products—IBM Sterling B2B Integrator (CPE: cpe:2.3:a:ibm:sterling_b2b_integrator) and IBM Sterling File Gateway—fail to properly sanitize user-supplied input when constructing SQL statements for database operations. The vulnerability affects versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1. Sterling products are enterprise integration platforms that process sensitive B2B transactions; compromised SQL query handling directly threatens the integrity and confidentiality of transactional data stored in the backend relational database.
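The CWE-89 pattern described above, as an added illustration that is not IBM's code and says nothing about where the flaw sits inside Sterling: a lookup that concatenates caller-supplied text into the SQL string beside the parameterized form, run against a constructed in-memory SQLite table. The table, the rows and the function names are assumptions for the demonstration. It also covers the caveat that bound parameters cannot carry identifiers such as a sort column, where an allowlist is the standard control.

```python
import sqlite3

# Constructed sample rows standing in for a back-end table; not Sterling's schema.
SAMPLE_ROWS = [
    ("acme", "ORDER-1001", "shipped"),
    ("acme", "ORDER-1002", "pending"),
    ("globex", "ORDER-2001", "shipped"),
]

# Identifiers cannot be bound as parameters, so a fixed allowlist guards them.
ALLOWED_SORT_COLUMNS = {"doc_id", "status"}


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed transactions table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (partner TEXT, doc_id TEXT, status TEXT)")
    conn.executemany("INSERT INTO transactions VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, partner: str) -> list:
    """CWE-89 pattern (hypothetical): the caller's text is spliced into the SQL.

    The database cannot distinguish data from query syntax, so a quote
    character in `partner` changes what the statement means.
    """
    sql = "SELECT doc_id FROM transactions WHERE partner = '" + partner + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, partner: str) -> list:
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT doc_id FROM transactions WHERE partner = ?"
    return [row[0] for row in conn.execute(sql, (partner,))]


def is_allowed_sort_column(column: str) -> bool:
    """Exact-match allowlist check for a column name supplied by the caller."""
    return column in ALLOWED_SORT_COLUMNS


def list_sorted(conn: sqlite3.Connection, column: str) -> list:
    """Sort by a caller-chosen column; the name is validated before it is
    interpolated, because '?' placeholders only work for values."""
    if not is_allowed_sort_column(column):
        raise ValueError("sort column not in allowlist: %r" % column)
    sql = "SELECT doc_id FROM transactions ORDER BY " + column
    return [row[0] for row in conn.execute(sql)]


def demo() -> dict:
    """Run both lookups with a constructed input containing a quote and a tautology."""
    conn = make_db()
    hostile = "nobody' OR '1'='1"
    return {
        # Concatenation turns the WHERE clause into a tautology: every row comes back.
        "vulnerable": lookup_vulnerable(conn, hostile),
        # The bound parameter is compared literally; no partner has that name.
        "parameterized": lookup_parameterized(conn, hostile),
        # Ordinary input behaves the same either way.
        "normal": lookup_parameterized(conn, "acme"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The point the C:H/I:H part of the vector makes is visible in the `vulnerable` result: whoever controls the spliced string controls the predicate, and the same construction with an UPDATE or DELETE would control the write. Review of the affected integration layer should look for string-built SQL of the first kind and for identifier interpolation without an allowlist.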

Affected Products

IBM Sterling B2B Integrator: 6.1.0.0 through 6.1.2.7_2; 6.2.0.0 through 6.2.0.5_1; 6.2.1.0 through 6.2.1.1_1
IBM Sterling File Gateway: 6.1.0.0 through 6.1.2.7_2; 6.2.0.0 through 6.2.0.5_1; 6.2.1.0 through 6.2.1.1_1

Priority Score

33

KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

EUVD-2025-208665 vulnerability details – vuln.today