IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7244023 |
![]() ![]() |
History
Thu, 04 Sep 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 04 Sep 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
Title | IBM Sterling B2B Integrator cross-site scripting | |
First Time appeared |
Ibm
Ibm sterling B2b Integrator Ibm sterling File Gateway |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.7_1:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm sterling B2b Integrator Ibm sterling File Gateway |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-09-04T15:02:53.828Z
Reserved: 2025-03-23T14:38:43.348Z
Link: CVE-2025-2694

Updated: 2025-09-04T15:02:49.849Z

Status : Awaiting Analysis
Published: 2025-09-04T15:15:46.490
Modified: 2025-09-04T15:35:29.497
Link: CVE-2025-2694

No data.

No data.