What is the severity of CVE-2021-20562?

CVE-2021-20562 has a medium severity rating due to its potential for cross-site scripting attacks.

How do I fix CVE-2021-20562?

To mitigate CVE-2021-20562, apply the latest patches provided by IBM for affected versions of Sterling B2B Integrator.

Which versions of IBM Sterling B2B Integrator are affected by CVE-2021-20562?

CVE-2021-20562 affects IBM Sterling B2B Integrator versions from 5.2.0.0 to 5.2.6.5_3 and 6.1.0.0 to 6.1.0.2.

What type of attack is possible with CVE-2021-20562?

CVE-2021-20562 allows for cross-site scripting (XSS) attacks, enabling the embedding of arbitrary JavaScript code.

What could be the consequences of exploiting CVE-2021-20562?

Exploitation of CVE-2021-20562 could lead to credential disclosure and unwanted modifications to the web application's functionality.

Vulnerability/
CVE-2021-20562

medium

5.4

CWE

15/7/2021

27/7/2021

16/9/2024

CVE-2021-20562: XSS

First published: Thu Jul 15 2021(Updated: )

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM B2B Sterling Integrator	<=5.2.0.0 - 5.2.6.5_3
IBM B2B Sterling Integrator	<=6.0.0.0 - 6.0.3.4
IBM B2B Sterling Integrator	<=6.1.0.0 - 6.1.0.2
IBM B2B Sterling Integrator	>=5.2.0.0<=5.2.6.5_3
IBM B2B Sterling Integrator	>=6.1.0.0<=6.1.0.2
HPE HP-UX
IBM AIX
IBM i
Linux kernel
Microsoft Windows
Oracle Solaris SPARC

Remedy

https://www.ibm.com/support/pages/node/6475301

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6475301

Frequently Asked Questions

What is the severity of CVE-2021-20562?
CVE-2021-20562 has a medium severity rating due to its potential for cross-site scripting attacks.
How do I fix CVE-2021-20562?
To mitigate CVE-2021-20562, apply the latest patches provided by IBM for affected versions of Sterling B2B Integrator.
Which versions of IBM Sterling B2B Integrator are affected by CVE-2021-20562?
CVE-2021-20562 affects IBM Sterling B2B Integrator versions from 5.2.0.0 to 5.2.6.5_3 and 6.1.0.0 to 6.1.0.2.
What type of attack is possible with CVE-2021-20562?
CVE-2021-20562 allows for cross-site scripting (XSS) attacks, enabling the embedding of arbitrary JavaScript code.
What could be the consequences of exploiting CVE-2021-20562?
Exploitation of CVE-2021-20562 could lead to credential disclosure and unwanted modifications to the web application's functionality.

agent/type
agent/references
agent/first-publish-date
agent/severity
agent/weakness
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm b2b sterling integrator
version/ibm b2b sterling integrator/5.2.0.0 - 5.2.6.5_3
version/ibm b2b sterling integrator/6.0.0.0 - 6.0.3.4
version/ibm b2b sterling integrator/6.1.0.0 - 6.1.0.2
version/ibm b2b sterling integrator/5.2.0.0
version/ibm b2b sterling integrator/5.2.6.5_3
version/ibm b2b sterling integrator/6.1.0.0
version/ibm b2b sterling integrator/6.1.0.2
vendor/hp
canonical/hpe hp-ux
canonical/ibm aix
canonical/ibm i
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/oracle
canonical/oracle solaris sparc