Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site scripting potentially exposing user credentials
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic cross‑site scripting flaw that enables an attacker to embed arbitrary JavaScript code in the web interface. This can alter normal UI behavior and may lead to the disclosure of credentials or other confidential data stored in a trusted session. The weakness is classified as CWE‑79.

Affected Systems

IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2 and 6.2.0.0 through 6.2.1.1_1 are affected by this flaw.

Risk and Exploitability

The vulnerability has a CVSS base score of 5.4, indicating moderate risk. An EPSS score below 1% suggests exploitation is unlikely to be widespread, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves the web UI, requiring an authenticated or compromised session to inject malicious script. Successful exploitation would grant an attacker the same privileges as the affected user, enabling credential theft or session hijacking. Given the low probability of exploitation, monitoring for suspicious UI behavior is advised.

Generated by OpenCVE AI on March 20, 2026 at 16:38 UTC.

Remediation

Vendor Solution

Remediation/Fixes

Product | Version | APAR | Remediation & Fix
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.7_2 | IT48832 | Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.0.0 - 6.2.0.5_1 | IT48832 | Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.1.0 - 6.2.1.1_1 | IT48832 | Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1
IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.2.0 | IT48832 | Apply B2Bi 6.2.2.0_1

The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central. The container versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.


OpenCVE Recommended Actions

  • Apply the IBM‑approved patch or upgrade to a fixed version (e.g., B2Bi 6.2.2.0_1), following the instructions in IT48832.
  • Verify that the deployment has successfully updated the affected components to the non‑vulnerable release.

Generated by OpenCVE AI on March 20, 2026 at 16:38 UTC.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm sterling File Gateway
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
Vendors & Products Ibm sterling File Gateway

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, and 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T19:44:18.750Z

Reserved: 2023-08-18T15:48:17.571Z

Link: CVE-2023-40693

Vulnrichment

Updated: 2026-03-13T19:44:15.656Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:45.237

Modified: 2026-03-20T14:47:49.497

Link: CVE-2023-40693

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:13Z

Weaknesses