Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator
CVE-2021-20553
5.4MEDIUM
What is CVE-2021-20553?
CVE-2021-20553 is a high-risk vulnerability affecting IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 6.1.1.0. This vulnerability enables attackers to exploit cross-site scripting (XSS) within the Web UI, which permits the injection of arbitrary JavaScript code. Such exploitation can lead to unauthorized alterations of the application’s intended functionalities, with a significant risk of credential disclosure to attackers during a trusted session. Users of the affected versions are advised to apply security updates promptly to mitigate this critical security risk.
Affected Version(s)
Sterling B2B Integrator 5.2.0.0 <= 5.2.6.5
Sterling B2B Integrator 6.0.0.0 <= 6.0.0.6
Sterling B2B Integrator 6.0.1.0 <= 6.0.3.4