Cross-Site Scripting in IBM Sterling B2B Integrator by IBM
CVE-2024-40696

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 31 January 2025

Summary

IBM Sterling B2B Integrator contains a cross-site scripting vulnerability that allows a privileged user to inject malicious JavaScript into the Web UI. The injected script can alter the application's intended behavior and raises the risk of disclosing sensitive user credentials within an authenticated session. Organizations running affected versions should take immediate action to mitigate the threats associated with this flaw.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 through 6.1.2.5

Sterling B2B Integrator 6.2.0.0 through 6.2.0.3

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
