6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
25.9%
IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability
CVEID:CVE-2022-34330
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229469 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5, 6…1.1.0 - 6.1.1.2, 6.1.2.0 |
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.6 | IT41715 | Apply 6.0.3.7 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.5 | ||
6.1.1.0 - 6.1.1.2 | |||
6.1.2.0 |
IT41715
| Apply 6.1.0.6, 6.1.1.3 or 6.1.2.1
The version 6.0.3.7, 6.1.0.6, 6.1.1.3 and 6.1.2.1 are available on Fix Central.
The container version of 6.1.2.1 is available in IBM Entitled Registry with following tags.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling b2b integrator | eq | 6.0.0.0 | |
ibm sterling b2b integrator | eq | 6.1.2.1 |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
25.9%