Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2026-03-13
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting that may expose credentials within trusted sessions
Action: Patch Immediately
AI Analysis

Impact

This vulnerability, identified as a cross‑site scripting flaw, permits an authenticated user to inject arbitrary JavaScript into the Web UI. The injected code can alter the intended functionality of the portal and potentially exfiltrate session credentials or other sensitive data. The weakness is classified under CWE‑79, highlighting a failure of proper input validation and output encoding.

Affected Systems

IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected. The vulnerable versions span from 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0. These ranges include both standard enterprise releases and file gateway components, as reflected in the listed CPE identifiers.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. Exploitation probability, as per EPSS, is less than 1%, which suggests exploitation is unlikely but not impossible, and the vulnerability is not currently catalogued in the KEV list. The attack vector is inferred to originate from within the authenticated Web UI; an attacker must first obtain valid credentials or leverage a compromised account. Once access is achieved, the flaw can be exploited without additional privileges, making the risk significant for organizations that have not applied the recommended patches in a timely manner.

Generated by OpenCVE AI on April 16, 2026 at 02:45 UTC.

Remediation

Vendor Solution

| Product | Version | APAR | Remediation & Fix |
|---|---|---|---|
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.7_2 | IT48958 | Apply B2Bi 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.0.0 - 6.2.0.5_1 | IT48958 | Apply B2Bi 6.2.0.5_2, 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.1.0 - 6.2.1.1_1 | IT48958 | Apply B2Bi 6.2.1.1_2 or 6.2.2.0_1 |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway | 6.2.2.0 | IT48958 | Apply B2Bi 6.2.2.0_1 |

The IIM versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available on Fix Central (http://www-933.ibm.com/support/fixcentral/swg/selectFixes). The container versions of 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2 and 6.2.2.0_1 are available in IBM Entitled Registry.


OpenCVE Recommended Actions

  • Apply a recent patch or upgrade to IBM Sterling B2B Integrator or IBM Sterling File Gateway version 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1 from Fix Central or the Entitled Registry.
  • If an immediate patch is not feasible, restrict access to the Web UI by limiting it to trusted network segments and enforce least‑privilege authentication for all users.
  • Deploy additional input validation or a web application firewall that blocks script injection in the UI to mitigate the effect of the CWE‑79 weakness until a patch is applied.
  • Monitor audit logs for anomalous script injection activity to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Cross‑Site Scripting in IBM Sterling B2B Integrator and File Gateway Exposing Credentials

Fri, 20 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm sterling File Gateway
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:6.2.2.0:*:*:*:*:*:*:*
Vendors & Products Ibm sterling File Gateway

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description
Removed: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Added: IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Description IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
First Time appeared Ibm
Ibm sterling B2b Integrator
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*
Vendors & Products Ibm
Ibm sterling B2b Integrator
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-13T19:36:39.022Z

Reserved: 2026-01-09T23:27:35.566Z

Link: CVE-2026-0835

Vulnrichment

Updated: 2026-03-13T19:36:34.834Z

NVD

Status: Analyzed

Published: 2026-03-13T19:53:56.827

Modified: 2026-03-20T19:18:53.287

Link: CVE-2026-0835

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T03:00:09Z

Weaknesses