Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator and File Gateway
CVE-2020-4564

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Sterling B2b Integrator
Sterling File Gateway
Vendor
CVE Published:
20 October 2020

Summary

The vulnerability in IBM Sterling B2B Integrator and File Gateway allows attackers to exploit cross-site scripting issues. By embedding arbitrary JavaScript code in the web interface, the functionality of these applications can be altered. This could lead to unauthorized disclosure of sensitive information such as user credentials during a trusted session, posing a significant risk to users' security.

Affected Version(s)

Sterling B2B Integrator 5.2.0.0

Sterling B2B Integrator 6.0.3.1

Sterling File Gateway 2.2.0.0

References

https://www.ibm.com/support/pages/node/6349539
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6349533
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/183933
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.