CVE-2024-54183

Published: Jun 18, 2025Modified: Jul 25, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected (4)

Products: Ibm: Sterling B2b Integrator, Sterling File Gateway

Ibm

2 products

Sterling B2b Integrator

Sterling File Gateway

Configuration A

4 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Ibm Sterling B2b Integrator	From 6.0.0.0 to 6.1.2.7
Ibm Sterling B2b Integrator	From 6.2 to 6.2.0.5
Ibm Sterling File Gateway	From 6.0.0.0 to 6.1.2.7
Ibm Sterling File Gateway	From 6.2.0.0 to 6.2.0.5

Running on/with	Platform Versions
Ibm Aix	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.ibm.com/support/pages/node/7237060

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.