CVE-2024-31903

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7172233	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*
	cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*

History

05 Mar 2025, 16:02

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7172233 -~~	() https://www.ibm.com/support/pages/node/7172233 - Vendor Advisory
Summary		(es) IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.2 permiten que un atacante en la red local ejecute código arbitrario en sistema, causado por la deserialización de datos no confiables.
CPE		cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*
First Time		Ibm sterling B2b Integrator Ibm

22 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-22 16:15

Updated : 2025-03-05 16:02

NVD link : CVE-2024-31903

Mitre link : CVE-2024-31903

CVE.ORG link : CVE-2024-31903

JSON object : View

Products Affected

ibm

sterling_b2b_integrator

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-31903", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-01-22T16:15:29.030", "references": [{"url": "https://www.ibm.com/support/pages/node/7172233", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data."}, {"lang": "es", "value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.2 permiten que un atacante en la red local ejecute c\u00f3digo arbitrario en sistema, causado por la deserializaci\u00f3n de datos no confiables."}], "lastModified": "2025-03-05T16:02:20.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "61E77E5A-B2DD-4ABA-BD86-7D097EB0AC8A", "versionEndIncluding": "6.1.2.5", "versionStartIncluding": "6.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "AC25541C-DC23-4384-8DA8-30A7528FD1AB", "versionEndIncluding": "6.2.0.2", "versionStartIncluding": "6.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}