CVE-2025-1349Cross-site Scripting in IBM Sterling B2B Integrator

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
CNA5.5
EPSS
0.1%
top 67.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Sterling B2B IntegratorIBM Sterling File Gateway
Timeline
PublishedJun 18

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

NVDibm/sterling_file_gateway6.0.0.06.1.2.7+1
NVDibm/sterling_b2b_integrator6.0.0.06.1.2.7+1
CVEListV5ibm/sterling_b2b_integrator6.0.0.06.1.2.6+1

🔴Vulnerability Details

2
GHSA
GHSA-xpf3-5x9r-5xfw: IBM Sterling B2B Integrator and IBM Sterling File Gateway 62025-06-18
CVEList
IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting2025-06-18
CVE-2025-1349 — Cross-site Scripting in IBM | cvebase