CVE-2024-54172

Published: Jun 18, 2025Modified: Jul 25, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Affected (4)

Products: Ibm: Sterling B2b Integrator, Sterling File Gateway

Ibm

2 products

Sterling B2b Integrator

Sterling File Gateway

Configuration A

4 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling B2b Integrator	From 6.0.0.0 to 6.1.2.7
Ibm Sterling B2b Integrator	From 6.2 to 6.2.0.5
Ibm Sterling File Gateway	From 6.0.0.0 to 6.1.2.7
Ibm Sterling File Gateway	From 6.2.0.0 to 6.2.0.5

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://www.ibm.com/support/pages/node/7237059

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.