IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Fixes

Solution

VersionAPARRemediation & FixIBM Sterling B2B Integrator and IBM Sterling File Gateway6.0.0.0 - 6.1.2.7_1IT47981Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1IBM Sterling B2B Integrator and IBM Sterling File Gateway6.2.0.0 - 6.2.0.4IT47981Apply B2Bi 6.2.0.5 or 6.2.1.1   The IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on Fix Central http://www-933.ibm.com/support/fixcentral/swg/selectFixes . The container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry.


Workaround

No workaround given by the vendor.

History

Wed, 10 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*

Thu, 04 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 04 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM Sterling B2B Integrator cross-site scripting
First Time appeared Ibm
Ibm sterling B2b Integrator
Ibm sterling File Gateway
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
Ibm sterling File Gateway
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-04T15:02:53.828Z

Reserved: 2025-03-23T14:38:43.348Z

Link: CVE-2025-2694

cve-icon Vulnrichment

Updated: 2025-09-04T15:02:49.849Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-04T15:15:46.490

Modified: 2025-09-10T17:15:33.390

Link: CVE-2025-2694

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.