Cross-Site Scripting in IBM Sterling B2B Integrator by IBM
CVE-2024-40696

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-40696?

IBM Sterling B2B Integrator exhibits a vulnerability that allows a privileged user to inject malicious JavaScript into the Web UI. This exploitation can modify the application's intended behavior, raising the risk of disclosing sensitive user credentials within an authenticated session. Organizations utilizing affected versions should take immediate action to mitigate potential threats associated with this security flaw.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 <= 6.1.2.5

Sterling B2B Integrator 6.2.0.0 <= 6.2.0.3

References

https://www.ibm.com/support/pages/node/7182011

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jul 8, 2024