CVE-2025-1348 (GCVE-0-2025-1348)
Vulnerability from
Published
2025-06-18 16:19
Modified
2025-08-24 11:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-525 - Information Exposure Through Browser Caching
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:25:33.803335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:26:07.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525 Information Exposure Through Browser Caching",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:50:32.968Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237068"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1348",
"datePublished": "2025-06-18T16:19:48.515Z",
"dateReserved": "2025-02-15T15:14:05.404Z",
"dateUpdated": "2025-08-24T11:50:32.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36049 (GCVE-0-2025-36049)
Vulnerability from
Published
2025-06-18 16:06
Modified
2025-08-24 11:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | webMethods Integration Server |
Version: 10.5 Version: 10.7 Version: 10.11 Version: 10.15 cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T17:47:53.956675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:48:11.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "webMethods Integration Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "10.7"
},
{
"status": "affected",
"version": "10.11"
},
{
"status": "affected",
"version": "10.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Filip Dragovic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.\u003c/span\u003e"
}
],
"value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 \n\nis vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:50:08.864Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237146"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.\u003cbr\u003e\u003cbr\u003eIS_10.5_Core_Fix29 or later\u003cbr\u003eIS_10.7_Core_Fix23 or later\u003cbr\u003eIS_10.11_Core_Fix11 or later\u003cbr\u003eIS_10.15_Core_Fix14 or later\u003cbr\u003e\u003cbr\u003eFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.\n\nIS_10.5_Core_Fix29 or later\nIS_10.7_Core_Fix23 or later\nIS_10.11_Core_Fix11 or later\nIS_10.15_Core_Fix14 or later\n\nFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM webMethods Integration Sever XML external entity injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36049",
"datePublished": "2025-06-18T16:06:18.983Z",
"dateReserved": "2025-04-15T21:16:10.569Z",
"dateUpdated": "2025-08-24T11:50:08.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36048 (GCVE-0-2025-36048)
Vulnerability from
Published
2025-06-18 16:04
Modified
2025-08-24 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | webMethods Integration Server |
Version: 10.5 Version: 10.7 Version: 10.11 Version: 10.15 cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:* cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T17:49:44.656092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:53:01.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:*",
"cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "webMethods Integration Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5"
},
{
"status": "affected",
"version": "10.7"
},
{
"status": "affected",
"version": "10.11"
},
{
"status": "affected",
"version": "10.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rob Maslen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges."
}
],
"value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:48:18.694Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237144"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.\u003cbr\u003e\u003cbr\u003eIS_10.5_Core_Fix29 or later\u003cbr\u003eIS_10.7_Core_Fix23 or later\u003cbr\u003eIS_10.11_Core_Fix11 or later\u003cbr\u003eIS_10.15_Core_Fix14 or later\u003cbr\u003e\u003cbr\u003eFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.\n\nIS_10.5_Core_Fix29 or later\nIS_10.7_Core_Fix23 or later\nIS_10.11_Core_Fix11 or later\nIS_10.15_Core_Fix14 or later\n\nFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM webMethods Integration Sever code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36048",
"datePublished": "2025-06-18T16:04:28.802Z",
"dateReserved": "2025-04-15T21:16:10.569Z",
"dateUpdated": "2025-08-24T11:48:18.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54183 (GCVE-0-2024-54183)
Vulnerability from
Published
2025-06-18 15:08
Modified
2025-08-24 11:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T15:26:28.864002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T15:26:42.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:47:06.405Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54183",
"datePublished": "2025-06-18T15:08:50.493Z",
"dateReserved": "2024-11-30T14:47:55.534Z",
"dateUpdated": "2025-08-24T11:47:06.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54172 (GCVE-0-2024-54172)
Vulnerability from
Published
2025-06-18 16:13
Modified
2025-08-24 11:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:28:46.177512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:29:07.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:46:45.622Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237059"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e \u003cbr\u003e\u003cbr\u003eThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \u003cbr\u003e\u003cbr\u003eThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry.\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47515 Apply B2Bi 6.1.2.7. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47515 Apply B2Bi 6.2.0.5 or 6.2.1.0\n \n\nThe IIM versions of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available on Fix Central. \n\nThe container version of 6.1.2.7, 6.2.0.5 and 6.2.1.0 are available in IBM Entitled Registry."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54172",
"datePublished": "2025-06-18T16:13:10.754Z",
"dateReserved": "2024-11-30T14:47:41.352Z",
"dateUpdated": "2025-08-24T11:46:45.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3221 (GCVE-0-2025-3221)
Vulnerability from
Published
2025-06-21 12:44
Modified
2025-08-24 11:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | InfoSphere Information Server |
Version: 11.7.0.0 ≤ 11.7.1.6 cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T14:59:57.807709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:00:06.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.7.1.6",
"status": "affected",
"version": "11.7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources."
}
],
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:44:57.166Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7235496"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 \u003cbr\u003e --Apply InfoSphere Information Server version 11.7.1.0 \u003cbr\u003e--Apply InfoSphere Information Server version 11.7.1.6\u003cbr\u003e\u003cbr\u003e--Apply Information Server Microservices tier security patch\u003cbr\u003e"
}
],
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 \n --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply Information Server Microservices tier security patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM InfoSphere Information Server denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3221",
"datePublished": "2025-06-21T12:44:26.622Z",
"dateReserved": "2025-04-03T13:44:40.168Z",
"dateUpdated": "2025-08-24T11:44:57.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3629 (GCVE-0-2025-3629)
Vulnerability from
Published
2025-06-21 12:45
Modified
2025-08-24 11:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-282 - Improper Ownership Management
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6
could allow an authenticated user to delete another user's comments due to improper ownership management.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | InfoSphere Information Server |
Version: 11.7.0.0 ≤ 11.7.1.6 cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T14:59:40.326419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T14:59:46.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.7.1.6",
"status": "affected",
"version": "11.7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to delete another user\u0027s comments due to improper ownership management.\u003c/span\u003e"
}
],
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 \n\ncould allow an authenticated user to delete another user\u0027s comments due to improper ownership management."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-282",
"description": "CWE-282 Improper Ownership Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:44:35.734Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7235496"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 \u003cbr\u003e --Apply InfoSphere Information Server version 11.7.1.0 \u003cbr\u003e--Apply InfoSphere Information Server version 11.7.1.6\u003cbr\u003e\u003cbr\u003e--Apply Information Server Microservices tier security patch\u003cbr\u003e"
}
],
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT434984 \n --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply Information Server Microservices tier security patch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM InfoSphere Information Server file manipulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3629",
"datePublished": "2025-06-21T12:45:57.805Z",
"dateReserved": "2025-04-15T09:48:10.126Z",
"dateUpdated": "2025-08-24T11:44:35.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0966 (GCVE-0-2025-0966)
Vulnerability from
Published
2025-06-25 02:40
Modified
2025-08-24 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | InfoSphere Information Server |
Version: 11.7 cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T03:55:20.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
}
],
"value": "IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:41:45.088Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236613"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT422417 --Apply InfoSphere Information Server version 11.7.1.0 \u003cbr\u003e--Apply InfoSphere Information Server version 11.7.1.6\u003cbr\u003e\u003cbr\u003e--Apply InfoSphere DataStage security patch\u003cbr\u003e--For InfoSphere DataStage Flow Designer, a security patch will be published subsequently.\u003cbr\u003e"
}
],
"value": "InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7.0.0 to 11.7.1.6 DT422417 --Apply InfoSphere Information Server version 11.7.1.0 \n--Apply InfoSphere Information Server version 11.7.1.6\n\n--Apply InfoSphere DataStage security patch\n--For InfoSphere DataStage Flow Designer, a security patch will be published subsequently."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM InfoSphere Information Server SQL injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0966",
"datePublished": "2025-06-25T02:40:39.889Z",
"dateReserved": "2025-02-01T15:06:54.119Z",
"dateUpdated": "2025-08-24T11:41:45.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3630 (GCVE-0-2025-3630)
Vulnerability from
Published
2025-07-08 14:51
Modified
2025-08-24 11:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway
6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4
is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Sterling B2B Integrator |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.4 cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T15:13:38.374739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:13:43.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.4",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\nis vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway \n\n6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4\n\nis vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:31:14.738Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239095"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\u003cbr\u003eIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0\u003cbr\u003e"
}
],
"value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6 IT47924 Apply B2Bi 6.1.2.7_1. 6.2.0.5 or 6.2.1.0\nIBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4 IT47924 Apply B2Bi 6.2.0.5 or 6.2.1.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3630",
"datePublished": "2025-07-08T14:51:24.983Z",
"dateReserved": "2025-04-15T09:48:12.428Z",
"dateUpdated": "2025-08-24T11:31:14.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27367 (GCVE-0-2025-27367)
Vulnerability from
Published
2025-07-08 18:42
Modified
2025-08-24 11:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
IBM OpenPages with Watson 8.3 and 9.0
is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | OpenPages with Watson |
Version: 8.3 Version: 9.0 cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T19:06:03.792806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T19:06:17.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:openpages_with_watson:8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:openpages_with_watson:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "OpenPages with Watson",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.3"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM OpenPages with Watson 8.3 and 9.0 \n\n\n\n\n\nis vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:23:31.695Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239155"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)\u003cbr\u003eDownload URL for 9.0.0.5 -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5\u003c/a\u003e\u003cbr\u003eDownload URL for 9.0.0.5.3 -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eFor IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)\u003cbr\u003eDownload URL for 8.3.0.3 -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3\"\u003ehttps://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3\u003c/a\u003e\u003cbr\u003eDownload URL for 8.3.0.3.2 -\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2\"\u003ehttps://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2\u003c/a\u003e"
}
],
"value": "For IBM OpenPages 9.0 - Apply 9.0 FixPack 5 (9.0.0.5) - Then Apply 9.0.0.5 Interim Fix 3 (9.0.0.5.3)\nDownload URL for 9.0.0.5 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 \nDownload URL for 9.0.0.5.3 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-3 \n\nFor IBM OpenPages 8.3 - Apply 8.3 FixPack 3 (8.3.0.3) - Then Apply 8.3.0.3 Interim Fix 2 (8.3.0.3.2)\nDownload URL for 8.3.0.3 -\u00a0 https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-3 \nDownload URL for 8.3.0.3.2 -\u00a0 https://www.ibm.com/support/pages/ibm-openpages-8303-interim-fix-2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM OpenPages with Watson improper input validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-27367",
"datePublished": "2025-07-08T18:42:25.925Z",
"dateReserved": "2025-02-22T15:25:27.069Z",
"dateUpdated": "2025-08-24T11:23:31.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 151 - 160 organizations in total 1855