Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator
CVE-2023-50309

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator Standard Edition
Vendor: CVE Published:; 23 January 2025

Summary

IBM Sterling B2B Integrator versions 6.0.0.0 through 6.2.0.0 are affected by a stored cross-site scripting vulnerability. This flaw allows attackers to inject and execute arbitrary JavaScript code within the web application interface. Such an exploit can change the behavior of the application, potentially leading to the disclosure of user credentials during an active session. Organizations using these versions should apply the latest updates to mitigate this risk.

Affected Version(s)

Sterling B2B Integrator Standard Edition 6.0.0.0 <= 6.1.2.5

Sterling B2B Integrator Standard Edition 6.2.0.0

References

https://www.ibm.com/support/pages/node/7176082

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Dec 7, 2023