Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 allows a remote unauthenticated attacker to view and delete the partners of a community and to delete the communities.
AnalysisAI
IBM Sterling B2B Integrator and IBM Sterling File Gateway contain an authentication bypass vulnerability that allows remote unauthenticated attackers to view and delete business partners within communities, as well as delete entire communities. Multiple versions are affected including 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0. While the CVSS score is 7.1 (High), the vulnerability requires low attack complexity and no user interaction, making it straightforward to exploit over the network with low privileges.
Technical ContextAI
This vulnerability affects IBM Sterling B2B Integrator and Sterling File Gateway (CPE: cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*), enterprise-grade solutions for secure file transfer and B2B transaction processing. The root cause is CWE-306 (Missing Authentication for Critical Function), meaning certain administrative or management functions that control community partner relationships lack proper authentication checks. Sterling B2B Integrator is used by enterprises to orchestrate complex supply chain transactions and electronic data interchange (EDI), making partner and community management critical security boundaries. The CVSS vector indicates Low Privileges Required (PR:L), which contradicts the description stating 'unauthenticated attacker' - this discrepancy suggests the vulnerability may allow privilege escalation from minimal authenticated access to perform administrative functions without proper authorization checks.
RemediationAI
Apply the security patches provided by IBM immediately by consulting the vendor advisory at https://www.ibm.com/support/pages/node/7266518 for specific patch versions corresponding to each affected version range. Organizations should upgrade to the patched versions as specified in the IBM support page, which will address the missing authentication checks for community and partner management functions. As an interim mitigation until patching is completed, implement network segmentation to restrict access to Sterling B2B Integrator and File Gateway management interfaces to authorized administrator IP addresses only, enforce multi-factor authentication for all user accounts, and enable comprehensive audit logging to detect any unauthorized attempts to view or delete partner or community configurations. Monitor logs for suspicious activity targeting community management endpoints and review existing partner and community configurations to ensure integrity has not been compromised.
More in Sterling B2b Integrator
View allIBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical seve
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. Rated critical seve
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-s
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. Rated medium sev
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vu
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vu
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which c
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenti
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL in
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. Rated high severity
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12661