IBM Sterling B2B Integrator cross-site scripting_CVE-2025-2694

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Basic Information

ID CVE-2025-2694

Source ibm

Published Sep 4, 2025 at 14:43

Modified Sep 4, 2025 at 15:02

Affected Product

Vendor IBM

Product Sterling B2B Integrator

Version 6.0.0.0

Affected Versions IBM Sterling B2B Integrator 6.0.0.0
IBM Sterling B2B Integrator 6.2.0.0
IBM Sterling File Gateway 6.0.0.0
IBM Sterling File Gateway 6.2.0.0

CWE Classification

CWE-79

References

www.ibm.com /support/pages/node/7244023

{
    "lastseen": "",
    "description": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
    "published": "2025-09-04T14:43:26.848Z",
    "modified": "2025-09-04T15:02:53.828Z",
    "type": "cve",
    "title": "IBM Sterling B2B Integrator cross-site scripting",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7244023",
    "id": "CVE-2025-2694",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "IBM Sterling B2B Integrator 6.0.0.0\nIBM Sterling B2B Integrator 6.2.0.0\nIBM Sterling File Gateway 6.0.0.0\nIBM Sterling File Gateway 6.2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sterling B2B Integrator",
    "version": "6.0.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}