Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)

2021-10-2617:14:42

www.ibm.com

0.001 Low

EPSS

Percentile

23.6%

JSON

Summary

IBM Sterling B2B Integrator has addressed a stored cross-site scripting vulnerability in the Web UI.

Vulnerability Details

CVEID:CVE-2021-29764
**DESCRIPTION:**IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202268 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	APAR(s)	Version(s)
IBM Sterling B2B Integrator	IT37031	5.2.0.0 - 5.2.6.5_4
IBM Sterling B2B Integrator	IT37031	6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4
IBM Sterling B2B Integrator	IT37031	6.1.0.0 - 6.1.0.3

Remediation/Fixes

Product & Version	Remediation & Fix
5.2.0.0 - 5.2.6.5_4	Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5, 6.1.1.0 on Fix Central
6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4	Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5, or 6.1.1.0 on Fix Central
6.1.0.0 - 6.1.0.3	Apply IBM Sterling B2B Integrator version 6.1.1.0 on Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
sterling b2b integratoreq5.2.0.0
sterling b2b integratoreq6.1.0.3

CPE	Name	Operator	Version
	sterling b2b integrator	eq	5.2.0.0
	sterling b2b integrator	eq	6.1.0.3

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for 8EB2FC6FA7270DF896103877199BE6CAF6527ADC1E852794F07996ACCA44C266