First published: Thu Nov 14 2024(Updated: )
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM B2B Sterling Integrator | >=6.0.0.0<=6.1.2.5 | |
IBM B2B Sterling Integrator | <=6.0.0.0 - 6.1.2.5 | |
IBM B2B Sterling Integrator | <=6.2.0.0 | |
>=6.0.0.0<=6.1.2.5 | ||
=6.2.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-32340 is classified as a moderate severity vulnerability due to its potential impact on the security of user credentials.
To fix CVE-2023-32340, upgrade IBM Sterling B2B Integrator to version 6.1.2.6 or higher.
CVE-2023-32340 affects IBM Sterling B2B Integrator versions from 6.0.0.0 through 6.1.2.5 and 6.2.0.0.
Exploitation of CVE-2023-32340 could allow attackers to execute arbitrary JavaScript in the Web UI, leading to potential credential disclosure.
Yes, exploitation of CVE-2023-32340 generally requires user interaction, as it involves embedding JavaScript within the Web UI.