CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Description (NVD)
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Analysis (AI)
This is a stored cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway that allows an authenticated user to inject arbitrary JavaScript into the Web UI, where it executes in the browsers of other users of that interface, potentially compromising their sessions and enabling credential theft. The vulnerability affects the 6.1.x and 6.2.x ranges listed in the description (6.1.0.0 through 6.2.2.0). While no active exploitation has been recorded in known exploited-vulnerability catalogues, the combination of a low-privilege authentication requirement, user interaction and a scope change (see the CVSS vector) presents a moderate real-world risk for enterprises running these B2B integration platforms.
Technical Context (AI)
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), which indicates that Web UI components of IBM Sterling B2B Integrator and File Gateway fail to sanitize or escape user-supplied input before rendering it in an HTML context. These products serve as integration hubs for B2B workflows and file transfer operations, making the Web UI a critical administrative interface. The affected CPE strings are cpe:2.3:a:ibm:sterling_b2b_integrator and cpe:2.3:a:ibm:sterling_file_gateway, with the vulnerability present in the 6.1.x and 6.2.x release branches. The root cause is likely insufficient input validation or missing contextual output encoding in one or more Web UI components that store and later render user-controlled data without HTML entity encoding; the absence of a restrictive Content Security Policy would then leave the injected script free to execute.
Remediation (AI)
IBM has released patched versions addressing this vulnerability: upgrade IBM Sterling B2B Integrator and IBM Sterling File Gateway to versions released after 6.2.2.0, or apply the specific fixes identified in the IBM Security Advisory (available through IBM's security portal). Organizations unable to patch immediately should apply compensating controls. Restrict Web UI access to trusted administrative IP ranges via firewall rules. Enforce network segmentation to limit lateral movement from a compromised administrative account. Place the Web UI behind a reverse proxy that adds strong Content Security Policy headers (frame-ancestors and script-src directives) to limit what injected JavaScript can do. Enable Web UI session logging and anomaly detection to identify script injection attempts. Require multi-factor authentication for administrative accounts so that credentials captured through a hijacked session are harder to reuse. Additionally, review Web UI access logs for evidence of stored XSS injection attempts using patterns such as script tags, inline event handlers, and the javascript: protocol scheme.
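The log review suggested above is easy to get wrong when payloads arrive URL-encoded, double-encoded or as HTML entities. The following is an added example, not code from vuln.today or IBM: a small Python scanner over Combined Log Format access lines that decodes the request target and Referer before matching the three indicator classes named in the remediation text (script tags, inline event handlers, javascript: scheme). The log lines, hostnames, paths and parameter names are constructed for the example; the decoding depth (three rounds) and the delimiter requirement in the event-handler pattern are design assumptions explained in the comments.

```python
"""Scan web-server access log lines for common stored-XSS injection indicators."""
from __future__ import annotations

import html
import re
import urllib.parse
from dataclasses import dataclass

# Combined Log Format (Apache/nginx style). Only the request target and the
# Referer header carry user-influenced text, so those are the fields inspected.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicator classes from the remediation text. All matching runs on DECODED text.
INDICATORS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),
    # Require a delimiter before "on...=" so that ordinary query keys such as
    # onboarding=1 do not fire; a real attribute breakout ends up as '" onmouseover='.
    "event_handler": re.compile(r"""(?:^|[\s"'/<>`])on[a-z]+\s*=""", re.IGNORECASE),
    "javascript_scheme": re.compile(r"javascript\s*:", re.IGNORECASE),
}


@dataclass
class Finding:
    ip: str
    user: str
    ts: str
    field: str      # "target" or "referer"
    indicator: str  # key from INDICATORS
    decoded: str    # the normalized text that matched


def normalize(text: str, max_rounds: int = 3) -> str:
    """Undo layered URL encoding (bounded to max_rounds) and then HTML entities."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return html.unescape(text)


def scan_line(line: str) -> list[Finding]:
    """Return one Finding per (field, indicator) pair that matches in this line."""
    m = LOG_RE.match(line)
    if not m:
        return []  # not Combined Log Format; a real deployment would count these
    findings: list[Finding] = []
    for field in ("target", "referer"):
        decoded = normalize(m.group(field))
        for name, pattern in INDICATORS.items():
            if pattern.search(decoded):
                findings.append(Finding(m["ip"], m["user"], m["ts"], field, name, decoded))
    return findings


def scan_log(lines) -> list[Finding]:
    out: list[Finding] = []
    for line in lines:
        out.extend(scan_line(line))
    return out


# Constructed sample log lines (not real traffic); hosts and paths are illustrative.
SAMPLE_LOG = [
    # benign administrative traffic
    '10.0.0.5 - admin [12/Mar/2025:10:01:02 +0000] "GET /dashboard/mailbox?name=invoices HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # legitimate query key that merely starts with "on" (must NOT fire)
    '10.0.0.5 - admin [12/Mar/2025:10:01:10 +0000] "GET /wizard?onboarding=1 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    # URL-encoded script tag submitted to a profile form
    '10.0.0.9 - partner1 [12/Mar/2025:10:02:30 +0000] "GET /ui/profile?display=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # double-URL-encoded attribute breakout carrying an inline event handler
    '10.0.0.9 - partner1 [12/Mar/2025:10:03:05 +0000] "GET /ui/profile?display=x%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # HTML-entity-encoded script tag that only shows up in the Referer header
    '10.0.0.9 - partner1 [12/Mar/2025:10:04:00 +0000] "GET /ui/home HTTP/1.1" 200 900 "https://b2b.example.test/ui/profile?display=%26lt%3Bscript%26gt%3B" "Mozilla/5.0"',
    # javascript: scheme in a link parameter
    '10.0.0.9 - partner1 [12/Mar/2025:10:05:00 +0000] "GET /ui/link?href=javascript%3Aalert(1) HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} user={f.user} {f.field}:{f.indicator} -> {f.decoded}")
```

Run against the sample lines, the scanner reports four findings (the two encoded profile submissions, the entity-encoded Referer and the javascript: link) and stays silent on the benign `onboarding=1` request. For a real review, feed it the reverse proxy or application access log and group findings by user and source address; a single authenticated account producing repeated hits is the signal the remediation text is asking you to look for.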
EUVD-2025-208664