CNNVD-202507-1013 Information
CNNVD ID
CNNVD-202507-1013
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
IBM Sterling B2B Integrator和IBM Sterling File Gateway都是美国国际商业机器(IBM)公司的产品。IBM Sterling B2B Integrator是一套集成了重要的B2B流程、交易和关系的软件。该软件支持与不同的合作伙伴社区之间实现复杂的B2B流程的安全集成。IBM Sterling File Gateway是一套文件传输软件。该软件可整合不同的文件传输活动中心,并帮助基于文件的数据通过因特网实现安全交换。 IBM Sterling B2B Integrator和IBM Sterling File Gateway存在跨站脚本漏洞,该漏洞源于容易受到存储型跨站脚本攻击,可能导致凭据泄露。以下版本受到影响:IBM Sterling B2B Integrator 6.0.0.0至6.1.2.6版本、6.2.0.0至6.2.0.4版本和IBM Sterling File Gateway 6.0.0.0至6.1.2.6版本、6.2.0.0至6.2.0.4版本。
Description (English)
IBM Sterling B2B Integrator and IBM Sterling File Gateway are products of the United States International Business Machine (IBM). IBM Sterling B2B Integrator is a software package that brings together important B2B processes, transactions and relationships. The software supports the safe integration of complex B2B processes with different partner communities. IBM Sterling File Gateway is a file transfer software. The software integrates different document transfer activity centres and helps secure the exchange of document-based data via the Internet. IBM Sterling B2B Integrator and IBM Sterling File Gateway have a cross-site script loophole, which stems from their vulnerability to storage-type cross-station script attacks and could lead to the release of evidence. The following versions have been affected: IBM Sterling B2B Integrator versions 6.0.0 to 6.1.2.6, 6.2.0.0 to 6.2.1.4 and IBM Sterling File Gateway versions 6.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.2.4.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-07-08
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7239095 https://access.redhat.com/security/cve/cve-2025-3630
Patch
https://www.ibm.com/support/pages/node/7239095
Share on: