CVE-2025-2694 in Sterling B2B Integratorinfo

Summary

by MITRE • 09/04/2025

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 09/04/2025

This cross-site scripting vulnerability exists within IBM Sterling B2B Integrator and IBM Sterling File Gateway products across multiple versions, representing a critical security weakness that can be exploited by authenticated attackers. The flaw resides in the web user interface components where input validation is insufficient, allowing malicious users with privileged access to inject malicious javascript code into the application's web interface. The vulnerability specifically affects versions 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 of both product lines, creating a significant attack surface for threat actors who can leverage their elevated privileges to manipulate the web application's behavior.

The technical implementation of this vulnerability stems from inadequate sanitization of user inputs within the web interface, particularly in areas where administrative functions are performed. When a privileged user interacts with the application's web UI, their input is not properly escaped or validated before being rendered back to other users or stored within the application. This creates an environment where malicious javascript code can be embedded and subsequently executed in the context of other users' browser sessions. The CWE-79 classification applies here as this represents a classic cross-site scripting vulnerability where untrusted data is incorporated into web pages without proper validation or encoding.

The operational impact of this vulnerability extends beyond simple script execution, as it can lead to complete session hijacking and credential theft within trusted environments. An attacker with privileged access can craft malicious payloads that, when executed in other users' browsers, can capture session cookies, steal authentication tokens, or redirect users to malicious sites. This threat is particularly dangerous in enterprise environments where these applications handle sensitive business transactions and file transfers, as the compromised credentials could provide access to critical business data and integrations. The vulnerability essentially undermines the trust model of the application by allowing authenticated users to manipulate the web interface in ways that compromise other users' sessions.

Organizations should immediately implement multiple layers of mitigation strategies to address this vulnerability. The primary defense involves applying the vendor-provided security patches and updates as soon as they become available, which will correct the input validation flaws in the web interface components. Additionally, implementing proper input sanitization and output encoding mechanisms within the application's web framework can prevent similar issues from occurring in the future. Network-level protections such as web application firewalls should be configured to detect and block suspicious javascript payloads, while also implementing strict access controls and monitoring for unusual administrative activities that might indicate exploitation attempts. The attack surface can be reduced by limiting the number of privileged users and implementing principle of least privilege access controls. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other components of the integrated systems, as this vulnerability represents a broader pattern of insufficient input validation that may exist elsewhere in the application architecture.

Responsible

Ibm

Reservation

03/23/2025

Disclosure

09/04/2025

Moderation

accepted

CPE

ready

EPSS

0.00173

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!