Cross-Site Scripting Flaw in IBM Sterling B2B Integrator
CVE-2024-56338

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator Standard Edition
Vendor: CVE Published:; 11 March 2025

What is CVE-2024-56338?

IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 are affected by a cross-site scripting vulnerability. This flaw permits a privileged user to inject arbitrary JavaScript code into the Web UI, altering its functionality. Consequently, this may lead to the exposure of user credentials during a trusted session, posing a significant security risk. Immediate action is recommended to mitigate potential exploits.

Affected Version(s)

Sterling B2B Integrator Standard Edition 6.0.0.0 <= 6.1.2.6

Sterling B2B Integrator Standard Edition 6.2.0.0 <= 6.2.0.3

References

https://www.ibm.com/support/pages/node/7185265

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Dec 20, 2024