Security Bulletin: IBM Sterling B2B Integrator vulnerable to cross-site scriptiing (CVE-2023-50307, CVE-2023-45186)

Summary

This bulletin identifies the steps to take to address the cross-site scripting vulnerabilities in IBM Sterling B2B Integrator.

Vulnerability Details

CVEID:CVE-2023-50307
**DESCRIPTION:**IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273338 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2023-45186
**DESCRIPTION:**IBM Sterling B2B Integrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268691 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

The IIM versions of 6.1.2.5 and 6.2.0.1 are available on Fix Central.

The container version of 6.1.2.5 and 6.2.0.1 are available in IBM Entitled Registry.

Workarounds and Mitigations

None