Arbitrary Code Execution Vulnerability in IBM Sterling B2B Integrator
CVE-2024-31903
8.8HIGH
Summary
A vulnerability exists in IBM Sterling B2B Integrator Standard Edition that allows an attacker within the local network to execute arbitrary code on the system. This is due to improper deserialization of untrusted data, which can lead to exploitation of the affected versions. Proper validation of data is critical to preventing such security risks.
Affected Version(s)
Sterling B2B Integrator Standard Edition 6.0.0.0 <= 6.1.2.5
Sterling B2B Integrator Standard Edition 6.2.0.0 <= 6.2.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved