Lucene search

IBM34DE9D564F312C53DEAA0513C52B7594B63760F402B0CAF4946618CDA2EDD176

HistoryApr 10, 2024 - 8:41 p.m.

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2024-22357)

2024-04-1020:41:07

www.ibm.com

ibm sterling b2b integrator

cross-site scripting

vulnerability

fix

version 6.2.0.1

iim

container

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Summary

This bulletin identifies the steps to take to address a cross-site scripting vulnerability within IBM Sterling B2B Integrator.

Vulnerability Details

CVEID:CVE-2024-22357
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280894 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling B2B Integrator	6.0.0.0 - 6.0.3.9
IBM Sterling B2B Integrator	6.1.0.0 - 6.1.2.3
IBM Sterling B2B Integrator	6.2.0.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product	Version	APAR	Remediation & Fix
IBM Sterling B2B Integrator	6.0.0.0 - 6.0.3.9	IT44452	Apply B2BI 6.1.2.5 or 6.2.0.1
IBM Sterling B2B Integrator	6.1.0.0 - 6.1.2.3	IT44452	Apply B2BI 6.1.2.5 or 6.2.0.1
IBM Sterling B2B Integrator	6.2.0.0	IT44452	Apply B2BI 6.2.0.1

The IIM versions of 6.1.2.5 and 6.2.0.1 are available on Fix Central.

The container version of 6.1.2.5 and 6.2.0.1 are available in IBM Entitled Registry.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch6.0.0.0

ibmsterling_b2b_integratorMatch6.2.0.1

CPENameOperatorVersion
ibm sterling b2b integratoreq6.0.0.0
ibm sterling b2b integratoreq6.2.0.1

CPE	Name	Operator	Version
	ibm sterling b2b integrator	eq	6.0.0.0
	ibm sterling b2b integrator	eq	6.2.0.1