CVE-2024-54172
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-07-25
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | sterling_b2b_integrator | From 6.0.0.0 (inc) to 6.1.2.7 (exc) |
| ibm | sterling_b2b_integrator | From 6.2 (inc) to 6.2.0.5 (exc) |
| ibm | sterling_file_gateway | From 6.0.0.0 (inc) to 6.1.2.7 (exc) |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5 (exc) |
| ibm | aix | * |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4. It allows an attacker to trick a user's browser into executing unauthorized and malicious actions on a website that the user trusts, without the user's consent. The attacker exploits the trust the website has in the user's browser to perform these actions. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your IBM Sterling B2B Integrator or IBM Sterling File Gateway systems through a user's browser. Although it does not affect confidentiality or availability, it has a low impact on integrity, meaning attackers could potentially alter data or perform malicious actions without proper authorization. This could lead to unauthorized changes or disruptions in your business processes that rely on these products. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the fix APAR IT47432 by upgrading IBM Sterling B2B Integrator and IBM Sterling File Gateway to versions 6.1.2.7, 6.2.0.5, or 6.2.1.0. The updated versions are available on IBM Fix Central for IIM installations and via the IBM Entitled Registry for container versions. No workarounds or alternative mitigations are provided, so prompt application of the fix is advised. [1]