
CVE-2025-33014 – IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection
https://notcve.org/view.php?id=CVE-2025-33014
18 Jul 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser. IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker coul... • https://www.ibm.com/support/pages/node/7240065 • CWE-1022: Use of Web Link to Untrusted Target with window.opener Access •

CVE-2025-2793 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-2793
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-3630 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-3630
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1349 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-1349
18 Jun 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7237109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1348 – IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-1348
18 Jun 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. • https://www.ibm.com/support/pages/node/7237068 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVE-2024-54172 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-54172
18 Jun 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7237059 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-54183 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2024-54183
18 Jun 2025 — IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7237060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56338 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56338
11 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7185265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52905 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-52905
10 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. • https://www.ibm.com/support/pages/node/7185264 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-47116 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-47116
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •