Skip to main content

Sterling B2b Integrator CVE-2026-1264

| EUVDEUVD-2026-12661 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-03-17 ibm
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 17, 2026 - 23:02 euvd
EUVD-2026-12661
Analysis Generated
Mar 17, 2026 - 23:02 vuln.today
Patch released
Mar 17, 2026 - 23:02 nvd
Patch available
CVE Published
Mar 17, 2026 - 22:41 nvd
HIGH 7.1

DescriptionCVE.org

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.

AnalysisAI

IBM Sterling B2B Integrator and IBM Sterling File Gateway contain an authentication bypass vulnerability that allows remote unauthenticated attackers to view and delete business partners within communities, as well as delete entire communities. Multiple versions are affected including 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0. While the CVSS score is 7.1 (High), the vulnerability requires low attack complexity and no user interaction, making it straightforward to exploit over the network with low privileges.

Technical ContextAI

This vulnerability affects IBM Sterling B2B Integrator and Sterling File Gateway (CPE: cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*), enterprise-grade solutions for secure file transfer and B2B transaction processing. The root cause is CWE-306 (Missing Authentication for Critical Function), meaning certain administrative or management functions that control community partner relationships lack proper authentication checks. Sterling B2B Integrator is used by enterprises to orchestrate complex supply chain transactions and electronic data interchange (EDI), making partner and community management critical security boundaries. The CVSS vector indicates Low Privileges Required (PR:L), which contradicts the description stating 'unauthenticated attacker' - this discrepancy suggests the vulnerability may allow privilege escalation from minimal authenticated access to perform administrative functions without proper authorization checks.

RemediationAI

Apply the security patches provided by IBM immediately by consulting the vendor advisory at https://www.ibm.com/support/pages/node/7266518 for specific patch versions corresponding to each affected version range. Organizations should upgrade to the patched versions as specified in the IBM support page, which will address the missing authentication checks for community and partner management functions. As an interim mitigation until patching is completed, implement network segmentation to restrict access to Sterling B2B Integrator and File Gateway management interfaces to authorized administrator IP addresses only, enforce multi-factor authentication for all user accounts, and enable comprehensive audit logging to detect any unauthorized attempts to view or delete partner or community configurations. Monitor logs for suspicious activity targeting community management endpoints and review existing partner and community configurations to ensure integrity has not been compromised.

CVE-2021-29903 CRITICAL
9.8 Oct 06

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical seve

CVE-2021-29798 CRITICAL
9.8 Oct 06

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical seve

CVE-2012-5937 CRITICAL
9.3 Apr 12

Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and

CVE-2021-20562 MEDIUM POC
5.4 Jul 27

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-s

CVE-2018-1513 MEDIUM POC
5.4 Jul 23

IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. Rated medium sev

CVE-2018-1563 MEDIUM POC
5.4 Jul 20

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site

CVE-2017-1174 HIGH
8.8 Aug 10

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vu

CVE-2017-1347 HIGH
8.8 Jun 23

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vu

CVE-2021-29837 HIGH
8.8 Oct 06

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which c

CVE-2020-4700 HIGH
8.8 Nov 16

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenti

CVE-2020-4655 HIGH
8.8 Nov 16

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL in

CVE-2019-4387 HIGH
8.8 Nov 26

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. Rated high severity

Share

CVE-2026-1264 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy