CNNVD-202506-2546 Information

Jun 18, 2025 cve

CNNVD ID

CNNVD-202506-2546

CVE-2025-1349

  • CNNVD Published: 2025-06-18

Description (Chinese)

IBM Sterling B2B Integrator和IBM Sterling File Gateway都是美国国际商业机器(IBM)公司的产品。IBM Sterling B2B Integrator是一套集成了重要的B2B流程、交易和关系的软件。该软件支持与不同的合作伙伴社区之间实现复杂的B2B流程的安全集成。IBM Sterling File Gateway是一套文件传输软件。该软件可整合不同的文件传输活动中心,并帮助基于文件的数据通过因特网实现安全交换。 IBM Sterling B2B Integrator和IBM Sterling File Gateway 6.0.0.0至6.1.2.6版本和6.2.0.0至6.2.0.4版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致凭据泄露。

Description (English)

IBM Sterling B2B Integrator and IBM Sterling File Gateway are products of the United States International Business Machine (IBM). IBM Sterling B2B Integrator is a software package that brings together important B2B processes, transactions and relationships. The software supports the safe integration of complex B2B processes with different partner communities. IBM Sterling File Gateway is a file transfer software. The software integrates different document transfer activity centres and helps secure the exchange of document-based data via the Internet. IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.2.4 have cross-site script holes, which originate from storage-type cross-site scripts and can lead to the disclosure of evidence.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

国际商业机器

Published

2025-06-18

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7237109

Patch

https://www.ibm.com/support/pages/node/7237109

Share on: