NEWS 2024 T1 IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery

Integration News

IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery

IBM Sterling B2B Integrator has addressed the cross-site request forgery security vulnerability within dashboard.

Vulnerability Details

CVEID: CVE-2022-35638

Description: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

The IIM versions of 6.0.3.9 and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.

The container version of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.

Workarounds and Mitigations

None.

Click on the button below to download this newsletter in Pdf format.