Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator
CVE-2024-49807

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-49807?

IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition are susceptible to a stored cross-site scripting vulnerability. This flaw permits authenticated users to inject arbitrary JavaScript code into the web interface. This malicious code execution can lead to unauthorized actions and potentially compromise sensitive information, including credential disclosure during an active and trusted session.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 <= 6.1.2.5

Sterling B2B Integrator 6.2.0.0 <= 6.2.0.3

References

https://www.ibm.com/support/pages/node/7182011

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Oct 20, 2024