Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator
CVE-2023-32340

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator Standard Edition
Vendor: CVE Published:; 23 January 2025

Summary

IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 are susceptible to a cross-site scripting vulnerability. This security flaw enables attackers to inject arbitrary JavaScript code into the Web UI, which can manipulate the intended application behavior. As a result, this could potentially lead to unauthorized access or disclosure of sensitive information, such as user credentials, while operating within a trusted session.

Affected Version(s)

Sterling B2B Integrator Standard Edition 6.0.0.0 <= 6.1.2.5

Sterling B2B Integrator Standard Edition 6.2.0.0

References

https://www.ibm.com/support/pages/node/7176082

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
May 8, 2023