CVE-2025-14504

🗓️ 13 Mar 2026 19:08:37Reported by ibmType

Authenticated user can inject JavaScript into the IBM Sterling Web UI, risking credential disclosure.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-14504	13 Mar 202619:08	–	attackerkb
CNNVD	IBM Sterling B2B Integrator和IBM Sterling File Gateway 跨站脚本漏洞	13 Mar 202600:00	–	cnnvd
Cvelist	CVE-2025-14504 IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting	13 Mar 202619:08	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to XSS vulnerability EBICS server (CVE-2025-14504)	11 Mar 202622:18	–	ibm
EUVD	EUVD-2025-208664	13 Mar 202621:31	–	euvd
NVD	CVE-2025-14504	13 Mar 202619:53	–	nvd
Positive Technologies	PT-2026-25351	13 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-14504	26 Mar 202615:13	–	redhatcve
Vulnrichment	CVE-2025-14504 IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting	13 Mar 202619:08	–	vulnrichment

NVD

Vulners

Node

ibm sterling_b2b_integratorRange6.1.0.0–6.1.2.8

ibm sterling_b2b_integratorRange6.2.0.0–6.2.0.5_2

ibm sterling_b2b_integratorRange6.2.1.0–6.2.1.1_2

ibm sterling_b2b_integratorMatch6.2.2.0

ibm sterling_file_gatewayRange6.1.0.0–6.1.2.8

ibm sterling_file_gatewayRange6.2.0.0–6.2.0.5_2

ibm sterling_file_gatewayRange6.2.1.0–6.2.1.1_2

ibm sterling_file_gatewayMatch6.2.2.0

[
  {
    "vendor": "IBM",
    "product": "Sterling B2B Integrator",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.0.0",
        "lessThanOrEqual": "6.1.2.7_2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.0.0",
        "lessThanOrEqual": "6.2.0.5_1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.1.0",
        "lessThanOrEqual": "6.2.1.1_1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.2.0"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:*:*:*:*"
    ]
  },
  {
    "vendor": "IBM",
    "product": "Sterling File Gateway",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.0.0",
        "lessThanOrEqual": "6.1.2.7_2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.0.0",
        "lessThanOrEqual": "6.2.0.5_1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.1.0",
        "lessThanOrEqual": "6.2.1.1_1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.2.0"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.7_2:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.5_1:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.0:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.1.1_1:*:*:*:standard:*:*:*",
      "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.2.0:*:*:*:standard:*:*:*"
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7263327

20 Mar 2026 19:19Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

EPSS0.00012

SSVC

CWE-79