First published: Fri Dec 11 2020(Updated: )
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM B2B Sterling Integrator | <=5.2.0.0 - 6.0.3.2 | |
IBM B2B Sterling Integrator | >=5.2.0.0<=6.0.3.2 | |
HPE HP-UX | ||
IBM AIX | ||
IBM iSeries AS/400 | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Oracle Solaris and Zettabyte File System (ZFS) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-4657 is considered a critical vulnerability due to its ability to allow cross-site scripting, which may lead to credential exposure.
To mitigate CVE-2020-4657, users are advised to apply the relevant security patch provided by IBM for Sterling B2B Integrator versions 5.2.0.0 to 6.0.3.2.
CVE-2020-4657 affects IBM Sterling B2B Integrator versions 5.2.0.0 through 6.0.3.2 Standard Edition.
CVE-2020-4657 is a cross-site scripting vulnerability that allows for the injection of arbitrary JavaScript code.
If exploited, CVE-2020-4657 can alter the intended functionality of the Web UI and may lead to the disclosure of user credentials in a trusted session.