Sign In

CVE-2025-2694

📊 4.8 MEDIUM0.0%🎯 0 exploits
📅 Published Sep 4, 2025
📋 Status: Analyzed

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

🎯 Affected Products & Systems

4 product configurations affected

Filter by type:
📱
Vulnerable
Version: ≥ 6.0.0.0 ∧ < 6.1.2.7_2
CPE:
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 6.2.0.0 ∧ < 6.2.0.5
CPE:
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 6.0.0.0 ∧ < 6.1.2.7_2
CPE:
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 6.2.0.0 ∧ < 6.2.0.5
CPE:
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
Metrics
4.8 MEDIUMCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
HIGH
User Interaction:
REQUIRED
Confidentiality:
LOW
Integrity:
LOW
Availability:
NONE
Scope:
CHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
4.8 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.0% (Minimal)7.2th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Sep 4, 2025 (1 month ago)
Last Modified
Sep 10, 2025 (1 month ago)
Security Weaknesses1
References2