IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Fixes

Solution

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0 The IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. The container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.


Workaround

No workaround given by the vendor.

History

Fri, 25 Jul 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm aix
Ibm sterling File Gateway
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Ibm aix
Ibm sterling File Gateway
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Wed, 18 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Jun 2025 15:30:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-24T11:47:06.405Z

Reserved: 2024-11-30T14:47:55.534Z

Link: CVE-2024-54183

cve-icon Vulnrichment

Updated: 2025-06-18T15:26:33.223Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-18T16:15:26.807

Modified: 2025-07-25T17:57:41.800

Link: CVE-2024-54183

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.