Refine your search
128 vulnerabilities found for Sterling B2B Integrator by IBM
CERTFR-2026-AVI-0327
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.1.x antérieures à 6.1.2.8 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.2.x antérieures à 6.4.2.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x antérieures à 6.2.2.0_1 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W6 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité PH69757 et PH69729 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.x antérieures à 6.2.0.5_2 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.12.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix07 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.11.9.0 | ||
| IBM | Sterling | Sterling Control Center versions 6.4.1.x antérieures à 6.4.1.0 iFix01 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x antérieures à 6.2.1.1_2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.8",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.2.x ant\u00e9rieures \u00e0 6.4.2.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.0_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W6",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 PH69757 et PH69729",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix07",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.9.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.1.x ant\u00e9rieures \u00e0 6.4.1.0 iFix01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et Sterling File Gateway versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1_2",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"name": "CVE-2025-14242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14242"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2025-39933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39933"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"name": "CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"name": "CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-4897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4897"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-53552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53552"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2025-66453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66453"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2025-40158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40158"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-64775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64775"
},
{
"name": "CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-38403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38403"
},
{
"name": "CVE-2025-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14031"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"name": "CVE-2022-50865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50865"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2025-40170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40170"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2026-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1264"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-66675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66675"
},
{
"name": "CVE-2025-68301",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68301"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0327",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266518",
"url": "https://www.ibm.com/support/pages/node/7266518"
},
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7263574",
"url": "https://www.ibm.com/support/pages/node/7263574"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266520",
"url": "https://www.ibm.com/support/pages/node/7266520"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266678",
"url": "https://www.ibm.com/support/pages/node/7266678"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266497",
"url": "https://www.ibm.com/support/pages/node/7266497"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266324",
"url": "https://www.ibm.com/support/pages/node/7266324"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266711",
"url": "https://www.ibm.com/support/pages/node/7266711"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266677",
"url": "https://www.ibm.com/support/pages/node/7266677"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266399",
"url": "https://www.ibm.com/support/pages/node/7266399"
},
{
"published_at": "2026-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7266321",
"url": "https://www.ibm.com/support/pages/node/7266321"
}
]
}
CERTFR-2025-AVI-1072
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.1.0 | ||
| IBM | Cognos Controller | Cognos Controller versions 11.x antérieures à 11.0.1 FP7 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 | ||
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP7",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253432",
"url": "https://www.ibm.com/support/pages/node/7253432"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253254",
"url": "https://www.ibm.com/support/pages/node/7253254"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253227",
"url": "https://www.ibm.com/support/pages/node/7253227"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253232",
"url": "https://www.ibm.com/support/pages/node/7253232"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253281",
"url": "https://www.ibm.com/support/pages/node/7253281"
}
]
}
CERTFR-2025-AVI-1051
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions antérieures à 6.2.1.1_1 | ||
| IBM | Db2 | Db2 versions V11.5.x sans le correctif APAR DT433150 | ||
| IBM | Spectrum | Spectrum Control versions antérieures à 5.4.13.2 | ||
| IBM | Db2 | Db2 versions V11.1.x sans le correctif APAR DT433150 | ||
| IBM | Db2 | Db2 versions V12.1.3 sans le correctif APAR DT433150 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.21 | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions antérieures à 6.2.1.1_1 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.19 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10 antérieures à 14.10.xC11W1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions ant\u00e9rieures \u00e0 6.2.1.1_1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions V11.5.x sans le correctif APAR DT433150",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.13.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions V11.1.x sans le correctif APAR DT433150",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions V12.1.3 sans le correctif APAR DT433150",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.21",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.2.1.1_1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.19",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10 ant\u00e9rieures \u00e0 14.10.xC11W1",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-58369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58369"
},
{
"name": "CVE-2025-47279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2018-25031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-32732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
},
{
"name": "CVE-2025-54121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54121"
},
{
"name": "CVE-2024-45675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45675"
},
{
"name": "CVE-2025-59822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59822"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2025-11-28T00:00:00",
"last_revision_date": "2025-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252704",
"url": "https://www.ibm.com/support/pages/node/7252704"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252903",
"url": "https://www.ibm.com/support/pages/node/7252903"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252597",
"url": "https://www.ibm.com/support/pages/node/7252597"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252211",
"url": "https://www.ibm.com/support/pages/node/7252211"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252908",
"url": "https://www.ibm.com/support/pages/node/7252908"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
"url": "https://www.ibm.com/support/pages/node/7250474"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7252718",
"url": "https://www.ibm.com/support/pages/node/7252718"
}
]
}
CERTFR-2025-AVI-0724
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Incident Forensics versions 7.5.x antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.2.2 | ||
| IBM | QRadar Log Source Management App | QRadar Log Source Management App versions antérieures à 7.0.12 | ||
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar SIEM | QRadar SIEM QRadar versions 7.5.x antérieures à 7.5.0 UP13 IF01 | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "QRadar Log Source Management App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM QRadar versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP13 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-36042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36042"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2018-14732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14732"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-30360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30360"
},
{
"name": "CVE-2025-33120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33120"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-30359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30359"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-08-22T00:00:00",
"last_revision_date": "2025-08-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0724",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242291",
"url": "https://www.ibm.com/support/pages/node/7242291"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242269",
"url": "https://www.ibm.com/support/pages/node/7242269"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242292",
"url": "https://www.ibm.com/support/pages/node/7242292"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242246",
"url": "https://www.ibm.com/support/pages/node/7242246"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242869",
"url": "https://www.ibm.com/support/pages/node/7242869"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242665",
"url": "https://www.ibm.com/support/pages/node/7242665"
}
]
}
CERTFR-2025-AVI-0530
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.0.x antérieures à 6.2.0.5 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP12 IF02 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.0.x antérieures à 6.2.0.5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP12 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-33117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33117"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2025-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33121"
},
{
"name": "CVE-2020-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13790"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-36050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36050"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"initial_release_date": "2025-06-20T00:00:00",
"last_revision_date": "2025-06-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0530",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237159",
"url": "https://www.ibm.com/support/pages/node/7237159"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237316",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237317",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
]
}
CERTFR-2025-AVI-0370
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.x antérieures à 6.1.1.0 | ||
| IBM | VIOS | VIOS se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Cognos PowerPlay | Cognos PowerPlay versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions antérieures à 6.0.0.7 | ||
| IBM | Cognos Transformer | Cognos Transformer versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Cognos Transformer | Cognos Transformer versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.3 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF04 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4.5 IF5 | ||
| IBM | WebSphere Automation | WebSphere Automation versions antérieures à 1.8.2 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.0.3.x antérieures à 6.0.3.5 | ||
| IBM | AIX | AIX se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation | ||
| IBM | Cognos Transformer | Cognos Transformer versions 12.0.x antérieures à 12.0.4 IF3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.0",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos PowerPlay versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos PowerPlay",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.0.0.7",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.5 IF5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.8.2",
"product": {
"name": "WebSphere Automation",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2011-3190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2024-11218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2006-7197",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
},
{
"name": "CVE-2024-40695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40695"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-51466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51466"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2025-05-02T00:00:00",
"last_revision_date": "2025-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6495961",
"url": "https://www.ibm.com/support/pages/node/6495961"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231738",
"url": "https://www.ibm.com/support/pages/node/7231738"
},
{
"published_at": "2025-04-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231815",
"url": "https://www.ibm.com/support/pages/node/7231815"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231900",
"url": "https://www.ibm.com/support/pages/node/7231900"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179496",
"url": "https://www.ibm.com/support/pages/node/7179496"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231901",
"url": "https://www.ibm.com/support/pages/node/7231901"
},
{
"published_at": "2025-04-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231915",
"url": "https://www.ibm.com/support/pages/node/7231915"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7232177",
"url": "https://www.ibm.com/support/pages/node/7232177"
}
]
}
CVE-2026-1264 (GCVE-0-2026-1264)
Vulnerability from cvelistv5
Published
2026-03-17 22:41
Modified
2026-03-18 20:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing authentication for critical function
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 Version: 6.2.2.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T20:15:50.295438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:15:57.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T22:41:42.874Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266518"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48934 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48934 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48934 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48934 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Improper Access Controls",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1264",
"datePublished": "2026-03-17T22:41:42.874Z",
"dateReserved": "2026-01-20T21:20:46.428Z",
"dateUpdated": "2026-03-18T20:15:57.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14031 (GCVE-0-2025-14031)
Vulnerability from cvelistv5
Published
2026-03-17 22:41
Modified
2026-03-18 20:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 Version: 6.2.2.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T20:15:31.145101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T20:15:38.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator and\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator and\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T22:41:41.536Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266520"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48828 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48828 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48828 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48828 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Denial of Service",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14031",
"datePublished": "2026-03-17T22:41:41.536Z",
"dateReserved": "2025-12-04T14:47:49.654Z",
"dateUpdated": "2026-03-18T20:15:38.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36368 (GCVE-0-2025-36368)
Vulnerability from cvelistv5
Published
2026-03-13 19:35
Modified
2026-03-16 13:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T13:35:12.731590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T13:36:43.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:36:14.607Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7263324"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48640 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48640 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48640 Apply B2Bi 6.2.1.1_2 or 6.2.2.0 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36368",
"datePublished": "2026-03-13T19:35:46.030Z",
"dateReserved": "2025-04-15T21:16:55.332Z",
"dateUpdated": "2026-03-16T13:36:43.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40693 (GCVE-0-2023-40693)
Vulnerability from cvelistv5
Published
2026-03-13 19:25
Modified
2026-03-13 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T19:44:12.134805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:44:18.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u003c/span\u003e\u003cspan\u003e\u0026nbsp;vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are\u00a0vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:25:02.688Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7263329"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-40693",
"datePublished": "2026-03-13T19:25:02.688Z",
"dateReserved": "2023-08-18T15:48:17.571Z",
"dateUpdated": "2026-03-13T19:44:18.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14483 (GCVE-0-2025-14483)
Vulnerability from cvelistv5
Published
2026-03-13 19:15
Modified
2026-03-13 19:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 Version: 6.2.2.0 ≤ cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T19:37:22.913106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:37:32.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator\u0026nbsp;\u003cspan\u003eand IBM Sterling File Gateway\u0026nbsp;\u003c/span\u003e\u003cspan\u003e6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator\u00a0and IBM Sterling File Gateway\u00a06.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:15:11.844Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7263329"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48832 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48832 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48832 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48832 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14483",
"datePublished": "2026-03-13T19:15:11.844Z",
"dateReserved": "2025-12-10T20:02:45.446Z",
"dateUpdated": "2026-03-13T19:37:32.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14504 (GCVE-0-2025-14504)
Vulnerability from cvelistv5
Published
2026-03-13 19:08
Modified
2026-03-13 19:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 Version: 6.2.2.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T19:36:58.233817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:37:07.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
],
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:08:37.702Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7263327"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 - 6.1.2.7_2 IT48563 Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5_1 IT48563 Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 - 6.2.1.1_1 IT48563 Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.2.0 IT48563 Apply B2Bi 6.2.2.0_1 The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central . The container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14504",
"datePublished": "2026-03-13T19:08:37.702Z",
"dateReserved": "2025-12-10T21:49:00.798Z",
"dateUpdated": "2026-03-13T19:37:07.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0835 (GCVE-0-2026-0835)
Vulnerability from cvelistv5
Published
2026-03-13 18:57
Modified
2026-03-13 19:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5_1 Version: 6.2.1.0 ≤ 6.2.1.1_1 Version: 6.2.2.0 ≤ cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T19:36:29.900119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:36:39.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5_1",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1_1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u0026nbsp;6.1.2.7_2,\u0026nbsp;6.2.0.0 through\u0026nbsp;6.2.0.5_1, 6.2.1.0 through\u0026nbsp;6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through\u00a06.1.2.7_2,\u00a06.2.0.0 through\u00a06.2.0.5_1, 6.2.1.0 through\u00a06.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T19:01:09.073Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7263326"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1_1\u003c/td\u003e\u003ctd\u003eIT48958 \u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_2 or 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.2.0\u003c/td\u003e\u003ctd\u003eIT48958\u0026nbsp;\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.2.0_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cdiv\u003e\u003cp\u003eThe IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u0026nbsp;\u003ca href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003eFix Central\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48958 \u00a0Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5_1IT48958 \u00a0Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1_1IT48958 \u00a0Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.2.0IT48958\u00a0Apply B2Bi 6.2.2.0_1The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on\u00a0 Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes .\u00a0\n\nThe container version of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-0835",
"datePublished": "2026-03-13T18:57:35.435Z",
"dateReserved": "2026-01-09T23:27:35.566Z",
"dateUpdated": "2026-03-13T19:36:39.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36348 (GCVE-0-2025-36348)
Vulnerability from cvelistv5
Published
2026-02-17 21:31
Modified
2026-02-18 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.1.0.0 ≤ 6.1.2.7_2 Version: 6.2.0.0 ≤ 6.2.0.5 Version: 6.2.1.0 ≤ 6.2.1.1 cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:37:42.475767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:37:54.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
],
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.1:*:*:*:*:*:*:*"
],
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_2",
"status": "affected",
"version": "6.1.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.1.1",
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIBM Sterling B2B Integrator versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e, and IBM Sterling File Gateway versions \u003cstrong\u003e6.1.0.0 through 6.1.2.7_2\u003c/strong\u003e, \u003cstrong\u003e6.2.0.0 through 6.2.0.5\u003c/strong\u003e, and \u003cstrong\u003e6.2.1.0 through 6.2.1.1\u003c/strong\u003e\u0026nbsp;may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1\u00a0may expose sensitive information to a remote privileged attacker due to the application returning detailed technical error messages in the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T21:31:30.418Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7259769"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.1.0.0 - 6.1.2.7_2\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0 - 6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48562\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1 or 6.2.2.0\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
}
],
"value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.1.0.0 - 6.1.2.7_2IT48562Apply B2Bi 6.1.2.8, 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48562Apply B2Bi 6.2.0.5_1, 6.2.1.1_1 or 6.2.2.0IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0 - 6.2.1.1IT48562Apply B2Bi 6.2.1.1_1 or 6.2.2.0"
}
],
"title": "The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36348",
"datePublished": "2026-02-17T21:31:30.418Z",
"dateReserved": "2025-04-15T21:16:53.302Z",
"dateUpdated": "2026-02-18T20:37:54.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36134 (GCVE-0-2025-36134)
Vulnerability from cvelistv5
Published
2025-11-25 14:40
Modified
2025-11-25 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7 Version: 6.2.0.0 ≤ 6.2.0.5 Version: 6.2.1.1 ≤ cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T14:48:40.567416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:49:21.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1275",
"description": "CWE-1275",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T14:40:55.959Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7252210"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48345\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48345Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48345Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48345Apply B2Bi 6.2.1.1_1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36134",
"datePublished": "2025-11-25T14:40:55.959Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-11-25T14:49:21.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36112 (GCVE-0-2025-36112)
Vulnerability from cvelistv5
Published
2025-11-24 18:25
Modified
2025-11-24 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7 Version: 6.2.0.0 ≤ 6.2.0.5 Version: 6.2.1.1 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T18:58:11.252178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T18:58:40.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould reveal sensitive server IP configuration information to an unauthorized user.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1\u00a0could reveal sensitive server IP configuration information to an unauthorized user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T18:25:03.423Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7252197"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.1\u003c/td\u003e\u003ctd\u003eIT48308\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1_1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e \u003cbr\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "ProductVersionAPARRemediationIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT48308Apply B2Bi 6.1.2.7_2, 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48308Apply B2Bi 6.2.0.5_1 or 6.2.1.1_1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.1IT48308Apply B2Bi 6.2.1.1_1\n \nThe IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available on Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1_1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36112",
"datePublished": "2025-11-24T18:25:03.423Z",
"dateReserved": "2025-04-15T21:16:17.123Z",
"dateUpdated": "2025-11-24T18:58:40.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36135 (GCVE-0-2025-36135)
Vulnerability from cvelistv5
Published
2025-11-07 18:26
Modified
2025-11-07 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7_1 Version: 6.2.0.0 ≤ 6.2.0.5 Version: 6.2.1.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T18:46:55.714881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:47:27.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:26:57.845Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250509"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Product Version APAR Remediation \u0026amp; Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Product Version APAR Remediation \u0026 Fix IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7_1 IT48350 Apply B2Bi 6.1.2.7_2. 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.5 IT48350 Apply B2Bi 6.2.0.5_1 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48350 Apply B2Bi 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available on Fix Central . The container version of 6.1.2.7_2, 6.2.0.5_1 and 6.2.1.1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36135",
"datePublished": "2025-11-07T18:26:57.845Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-11-07T18:47:27.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36002 (GCVE-0-2025-36002)
Vulnerability from cvelistv5
Published
2025-10-16 14:54
Modified
2025-10-25 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-260 - Password in Configuration File
Summary
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.2.0.0 ≤ 6.2.0.5 Version: 6.2.1.0 ≤ cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T16:06:34.404561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T16:06:38.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.2.0.5",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.\u003c/p\u003e"
}
],
"value": "IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260 Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T02:02:53.477Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7248129"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.5\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5_1 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48063\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.5IT48063Apply B2Bi 6.2.0.5_1 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.1.0IT48063Apply B2Bi 6.2.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator information disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36002",
"datePublished": "2025-10-16T14:54:53.914Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-10-25T02:02:53.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2667 (GCVE-0-2025-2667)
Vulnerability from cvelistv5
Published
2025-09-04 14:45
Modified
2025-09-04 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7_1 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T15:04:59.460230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:06:16.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T14:45:23.819Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244021"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2667",
"datePublished": "2025-09-04T14:45:23.819Z",
"dateReserved": "2025-03-22T13:41:32.620Z",
"dateUpdated": "2025-09-04T15:06:16.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2694 (GCVE-0-2025-2694)
Vulnerability from cvelistv5
Published
2025-09-04 14:43
Modified
2025-09-04 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7_1 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T14:59:45.837788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T15:02:53.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7_1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T14:43:26.848Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244023"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cbr\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7_1\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4\u003c/td\u003e\u003ctd\u003eIT47981\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware\u0026amp;product=ibm/Other+software/Sterling+B2B+Integrator\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=all\"\u003eFix Central\u003c/a\u003e. \u003c/p\u003e\u003cp\u003eThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "VersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1\n\n\u00a0\n\nThe IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . \n\nThe container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2694",
"datePublished": "2025-09-04T14:43:26.848Z",
"dateReserved": "2025-03-23T14:38:43.348Z",
"dateUpdated": "2025-09-04T15:02:53.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2988 (GCVE-0-2025-2988)
Vulnerability from cvelistv5
Published
2025-08-19 19:15
Modified
2025-08-19 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7 Version: 6.2.0.0 ≤ 6.2.0.4 Version: 6.2.1.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T19:32:38.788840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:35:55.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:15:58.525Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242391"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation \u0026amp; Fix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.0.0.0 - 6.1.2.7\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway\u003c/td\u003e\u003ctd\u003e6.2.0.0 - 6.2.0.4, 6.2.1.0\u003c/td\u003e\u003ctd\u003eIT48437\u003c/td\u003e\u003ctd\u003eApply B2Bi 6.2.0.5 or 6.2.1.1\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e"
}
],
"value": "ProductVersionAPARRemediation \u0026 FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7IT48437Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4, 6.2.1.0IT48437Apply B2Bi 6.2.0.5 or 6.2.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2988",
"datePublished": "2025-08-19T19:15:58.525Z",
"dateReserved": "2025-03-30T12:39:19.574Z",
"dateUpdated": "2025-08-19T19:35:55.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33008 (GCVE-0-2025-33008)
Vulnerability from cvelistv5
Published
2025-08-19 19:03
Modified
2025-08-19 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.2.1.0 cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T19:47:57.329892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:48:02.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.2.1.0\u0026nbsp;is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway\u00a06.2.1.0\u00a0is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:03:36.978Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242392"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48436 6.2.1.1\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.1.0 IT48436 6.2.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33008",
"datePublished": "2025-08-19T19:03:36.978Z",
"dateReserved": "2025-04-15T09:48:49.854Z",
"dateUpdated": "2025-08-19T19:48:02.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33014 (GCVE-0-2025-33014)
Vulnerability from cvelistv5
Published
2025-07-18 18:51
Modified
2025-08-18 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.7 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T14:51:57.653379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:52:03.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.7",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4\u0026nbsp;uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims\u2019 web browser."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4\u00a0uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims\u2019 web browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:33:59.946Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240065"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7 IT47893 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47893 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.7 IT47893 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47893 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7_1, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33014",
"datePublished": "2025-07-18T18:51:05.486Z",
"dateReserved": "2025-04-15T09:48:51.520Z",
"dateUpdated": "2025-08-18T01:33:59.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2793 (GCVE-0-2025-2793)
Vulnerability from cvelistv5
Published
2025-07-08 14:59
Modified
2025-08-24 11:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T20:42:21.255885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:42:29.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\n\n\nis vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:22:24.854Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239092"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-2793",
"datePublished": "2025-07-08T14:59:15.632Z",
"dateReserved": "2025-03-25T15:10:58.467Z",
"dateUpdated": "2025-08-24T11:22:24.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3630 (GCVE-0-2025-3630)
Vulnerability from cvelistv5
Published
2025-07-08 14:51
Modified
2025-08-24 11:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T15:13:38.374739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:13:43.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\nis vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\nis vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:31:14.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239095"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3630",
"datePublished": "2025-07-08T14:51:24.983Z",
"dateReserved": "2025-04-15T09:48:12.428Z",
"dateUpdated": "2025-08-24T11:31:14.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1349 (GCVE-0-2025-1349)
Vulnerability from cvelistv5
Published
2025-06-18 16:20
Modified
2025-08-24 11:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:05:59.223483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:13:39.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 \n\nis vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:50:52.809Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237109"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1349",
"datePublished": "2025-06-18T16:20:51.025Z",
"dateReserved": "2025-02-15T15:14:06.287Z",
"dateUpdated": "2025-08-24T11:50:52.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1348 (GCVE-0-2025-1348)
Vulnerability from cvelistv5
Published
2025-06-18 16:19
Modified
2025-08-24 11:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-525 - Information Exposure Through Browser Caching
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:25:33.803335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:26:07.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525 Information Exposure Through Browser Caching",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:50:32.968Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237068"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1348",
"datePublished": "2025-06-18T16:19:48.515Z",
"dateReserved": "2025-02-15T15:14:05.404Z",
"dateUpdated": "2025-08-24T11:50:32.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54172 (GCVE-0-2024-54172)
Vulnerability from cvelistv5
Published
2025-06-18 16:13
Modified
2025-08-24 11:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:28:46.177512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:29:07.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:46:45.622Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237059"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54172",
"datePublished": "2025-06-18T16:13:10.754Z",
"dateReserved": "2024-11-30T14:47:41.352Z",
"dateUpdated": "2025-08-24T11:46:45.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54183 (GCVE-0-2024-54183)
Vulnerability from cvelistv5
Published
2025-06-18 15:08
Modified
2025-08-24 11:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:26:28.864002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:26:42.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:47:06.405Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54183",
"datePublished": "2025-06-18T15:08:50.493Z",
"dateReserved": "2024-11-30T14:47:55.534Z",
"dateUpdated": "2025-08-24T11:47:06.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47116 (GCVE-0-2024-47116)
Vulnerability from cvelistv5
Published
2025-01-31 16:01
Modified
2025-01-31 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.5 Version: 6.2.0.0 ≤ 6.2.0.3 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.5:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.3:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T16:47:04.911358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T16:47:10.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.5:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.3:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.5",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.3",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T16:01:06.963Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7182046"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-47116",
"datePublished": "2025-01-31T16:01:06.963Z",
"dateReserved": "2024-09-18T19:27:02.822Z",
"dateUpdated": "2025-01-31T16:47:10.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}