CVE-2025-3630

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3630
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7239095 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

02 Aug 2025, 01:22

Type Values Removed Values Added
References () https://www.ibm.com/support/pages/node/7239095 - () https://www.ibm.com/support/pages/node/7239095 - Vendor Advisory
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:sterling_file_gateway:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
Summary
  • (es) IBM Sterling B2B Integrator 6.0.0.0 a 6.1.2.6, 6.2.0.0 a 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios autenticados incrustar código JavaScript arbitrario en la interfaz web, alterando así la funcionalidad prevista y pudiendo provocar la divulgación de credenciales en una sesión de confianza.
First Time Ibm aix
Linux
Ibm sterling File Gateway
Microsoft windows
Linux linux Kernel
Ibm sterling B2b Integrator
Microsoft
Ibm

08 Jul 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-08 15:15

Updated : 2025-08-02 01:22

NVD link : CVE-2025-3630

Mitre link : CVE-2025-3630

CVE.ORG link : CVE-2025-3630

JSON object : View

Products Affected

ibm

  • sterling_file_gateway
  • aix
  • sterling_b2b_integrator

microsoft

  • windows

linux

  • linux_kernel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')