Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator and File Gateway
CVE-2025-1349

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Sterling B2b Integrator
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-1349?

IBM Sterling B2B Integrator and IBM Sterling File Gateway are susceptible to a stored cross-site scripting vulnerability that enables privileged users to insert arbitrary JavaScript code into the Web UI. This manipulation can compromise the intended functionality of the application and may result in the disclosure of user credentials within a trusted session, posing significant security risks.

Affected Version(s)

Sterling B2B Integrator 6.0.0.0 <= 6.1.2.6

Sterling B2B Integrator 6.2.0.0 <= 6.2.0.4

References

https://www.ibm.com/support/pages/node/7237109

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Feb 15, 2025