CVE-2024-54172

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 93.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling B2B IntegratorIBM Sterling File Gateway
Timeline
PublishedJun 18

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDibm/sterling_file_gateway6.0.0.06.1.2.7+1
NVDibm/sterling_b2b_integrator6.0.0.06.1.2.7+1
CVEListV5ibm/sterling_b2b_integrator6.0.0.06.1.2.6+1

🔴Vulnerability Details

2
GHSA
GHSA-5xm8-4jch-6rh8: IBM Sterling B2B Integrator and IBM Sterling File Gateway 62025-06-18
CVEList
IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery2025-06-18
CVE-2024-54172 (MEDIUM CVSS 4.3) | IBM Sterling B2B Integrator and IBM | cvebase.io