Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator and File Gateway
CVE-2020-4564
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 20 October 2020
Summary
The vulnerability in IBM Sterling B2B Integrator and File Gateway allows attackers to exploit cross-site scripting issues. By embedding arbitrary JavaScript code in the web interface, the functionality of these applications can be altered. This could lead to unauthorized disclosure of sensitive information such as user credentials during a trusted session, posing a significant risk to users' security.
Affected Version(s)
Sterling B2B Integrator 5.2.0.0
Sterling B2B Integrator 6.0.3.1
Sterling File Gateway 2.2.0.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved