Cross-Site Scripting in IBM Sterling B2B Integrator by IBM
CVE-2024-40696
5.4 MEDIUM
Summary
IBM Sterling B2B Integrator contains a cross-site scripting vulnerability that allows a privileged user to inject malicious JavaScript into the Web UI. The injected script can alter the application's intended behavior and may disclose sensitive user credentials within an authenticated session. Organizations running affected versions should take immediate action to mitigate this flaw.
Affected Version(s)
Sterling B2B Integrator 6.0.0.0 <= 6.1.2.5
Sterling B2B Integrator 6.2.0.0 <= 6.2.0.3
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved