CVE-2020-4657: XSS
First published: Fri Dec 11 2020(Updated: )
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM B2B Sterling Integrator | <=5.2.0.0 - 6.0.3.2 | |
| IBM B2B Sterling Integrator | >=5.2.0.0<=6.0.3.2 | |
| HPE HP-UX | ||
| IBM AIX | ||
| IBM iSeries AS/400 | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Oracle Solaris and Zettabyte File System (ZFS) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4657?
CVE-2020-4657 is considered a critical vulnerability due to its ability to allow cross-site scripting, which may lead to credential exposure.
How do I fix CVE-2020-4657?
To mitigate CVE-2020-4657, users are advised to apply the relevant security patch provided by IBM for Sterling B2B Integrator versions 5.2.0.0 to 6.0.3.2.
Which versions of IBM Sterling B2B Integrator are affected by CVE-2020-4657?
CVE-2020-4657 affects IBM Sterling B2B Integrator versions 5.2.0.0 through 6.0.3.2 Standard Edition.
What type of vulnerability is CVE-2020-4657?
CVE-2020-4657 is a cross-site scripting vulnerability that allows for the injection of arbitrary JavaScript code.
What are the potential impacts of CVE-2020-4657?
If exploited, CVE-2020-4657 can alter the intended functionality of the Web UI and may lead to the disclosure of user credentials in a trusted session.
- agent/type
- agent/references
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/ibm
- canonical/ibm b2b sterling integrator
- version/ibm b2b sterling integrator/5.2.0.0 - 6.0.3.2
- version/ibm b2b sterling integrator/5.2.0.0
- version/ibm b2b sterling integrator/6.0.3.2
- vendor/hp
- canonical/hpe hp-ux
- canonical/ibm aix
- canonical/ibm iseries as/400
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)