CNNVD-202508-2195 Information
CNNVD ID
CNNVD-202508-2195
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
IBM Sterling B2B Integrator和IBM Sterling File Gateway都是美国国际商业机器(IBM)公司的产品。IBM Sterling B2B Integrator是一套集成了重要的B2B流程、交易和关系的软件。该软件支持与不同的合作伙伴社区之间实现复杂的B2B流程的安全集成。IBM Sterling File Gateway是一套文件传输软件。该软件可整合不同的文件传输活动中心,并帮助基于文件的数据通过因特网实现安全交换。 IBM Sterling B2B Integrator 6.2.1.0版本和IBM Sterling File Gateway 6.2.1.0版本存在跨站脚本漏洞,该漏洞源于已验证用户可在Web界面嵌入任意JavaScript代码,可能导致凭据泄露。
Description (English)
IBM Sterling B2B Integrator and IBM Sterling File Gateway are products of the United States International Business Machine (IBM). IBM Sterling B2B Integrator is a software package that brings together important B2B processes, transactions and relationships. The software supports the safe integration of complex B2B processes with different partner communities. IBM Sterling File Gateway is a file transfer software. The software integrates different document transfer activity centres and helps secure the exchange of document-based data via the Internet. Version 6.2.1.0 of IBM Sterling B2B Integrator and version 6.2.1.0 of IBM Sterling File Gateway have a cross-site script loophole, which originates from the fact that certified users can embed any JavaScript code in the Web interface, which may lead to a leak of evidence.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-08-19
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7242392 https://nvd.nist.gov/vuln/detail/CVE-2025-33008 https://access.redhat.com/security/cve/cve-2025-33008
Patch
https://www.ibm.com/support/pages/node/7242392
Share on: