CNNVD-202509-602 Information

Sep 04, 2025 cve

CNNVD ID

CNNVD-202509-602

CVE-2025-2694

  • CNNVD Published: 2025-09-04

Description (Chinese)

IBM Sterling B2B Integrator和IBM Sterling File Gateway都是美国国际商业机器(IBM)公司的产品。IBM Sterling B2B Integrator是一套集成了重要的B2B流程、交易和关系的软件。该软件支持与不同的合作伙伴社区之间实现复杂的B2B流程的安全集成。IBM Sterling File Gateway是一套文件传输软件。该软件可整合不同的文件传输活动中心,并帮助基于文件的数据通过因特网实现安全交换。 IBM Sterling B2B Integrator和IBM Sterling File Gateway存在跨站脚本漏洞,该漏洞源于容易受到跨站脚本攻击,可能导致凭据泄露。以下版本受到影响:IBM Sterling B2B Integrator 6.1.2.7_1及之前版本和6.2.0.4及之前版本、IBM Sterling File Gateway 6.1.2.7_1及之前版本和6.2.0.4及之前版本。

Description (English)

IBM Sterling B2B Integrator and IBM Sterling File Gateway are products of the United States International Business Machine (IBM). IBM Sterling B2B Integrator is a software package that brings together important B2B processes, transactions and relationships. The software supports the safe integration of complex B2B processes with different partner communities. IBM Sterling File Gateway is a file transfer software. The software integrates different document transfer activity centres and helps secure the exchange of document-based data via the Internet. IBM Sterling B2B Integrator and IBM Sterling File Gateway have a cross-site script loophole, which stems from their vulnerability to cross-site script attacks and could lead to the disclosure of evidence. The following versions were affected: IBM Sterling B2B Institute 6.1.1.7 1 and previous and 6.2.1.4 and earlier, IBM Sterling File Gateway 6.1.1.7 1 and previous and 6.2.1.4.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

国际商业机器

Published

2025-09-04

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7244023

Patch

https://www.ibm.com/support/pages/node/7244023

Share on: