Security Bulletin: Cross-Site Scripting Vulnerability Affects the Mailbox User Interface of IBM Sterling B2B Integrator (CVE-2021-29855)

2021-10-0521:25:30

www.ibm.com

0.001 Low

EPSS

Percentile

19.6%

JSON

Summary

IBM Sterling B2B Integrator has addressed the vulnerability.

Vulnerability Details

CVEID:CVE-2021-29855
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205684 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	APAR(s)	Version(s)
IBM Sterling B2B Integrator	IT37597	5.2.0.0 - 6.0.3.4
IBM Sterling B2B Integrator	IT37597	6.1.0.0 - 6.1.0.3

Remediation/Fixes

Product & Version	Remediation & Fix
5.2.0.0 - 6.0.3.4	Apply IBM Sterling B2B Integrator version 6.0.3.5 or 6.1.1.0 on Fix Central
6.1.0.0 - 6.1.0.3	Apply IBM Sterling B2B Integrator version 6.1.1.0 on Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
sterling b2b integratoreq5.2.0.0
sterling b2b integratoreq6.1.1.0

CPE	Name	Operator	Version
	sterling b2b integrator	eq	5.2.0.0
	sterling b2b integrator	eq	6.1.1.0

0.001 Low

EPSS

Percentile

19.6%

JSON

Related for D62DCDAD2D4AEA97A3D9B1AC8FF0097C8EBF0B66E6576B9577557C26E27B3A20