6.1

CVE-2025-33014

IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSterling B2b Integrator SwEditionstandard Version >= 6.0.0.0 < 6.1.2.7_1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSterling B2b Integrator SwEditionstandard Version >= 6.2 < 6.2.0.5
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSterling File Gateway Version >= 6.0.0.0 < 6.1.2.7_1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmSterling File Gateway Version >= 6.2.0.0 < 6.2.0.5
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.282
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@us.ibm.com 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE-1022 Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.