CVE-2025-33014
BaseFortify

Publication date: 2025-07-18

Last updated on: 2025-08-02

Assigner: IBM Corporation

Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 use a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions in the victim's web browser.
Meta Information
Generated: 2026-05-06
AI Q&A: 2025-07-18
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products (7 associated CPEs)
Vendor      Product                   Version / Range
linux       linux_kernel              From 5.15.160 (inc) to 5.16 (inc)
ibm         sterling_b2b_integrator   From 6.0.0.0 (inc) to 6.1.2.7_1 (exc)
ibm         sterling_b2b_integrator   From 6.2 (inc) to 6.2.0.5 (exc)
ibm         sterling_file_gateway     From 6.0.0.0 (inc) to 6.1.2.7_1 (exc)
ibm         sterling_file_gateway     From 6.2.0.0 (inc) to 6.2.0.5 (exc)
ibm         aix                       *
microsoft   windows                   *
CWE ID      Description
CWE-1022    The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway involves the use of a web link that references an untrusted external site without proper validation. Specifically, the QueueWatch UI component uses a web link with window.opener access to an untrusted target, which can be exploited by a remote attacker. This allows the attacker to expose sensitive information or perform unauthorized actions within the victim's web browser. [1]
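As an added illustration of the CWE-1022 pattern described above (example code, not code from the advisory, IBM or BaseFortify), the JavaScript below scans HTML for links that open an external site with target="_blank" but no rel="noopener", which is what hands the opened page a window.opener handle, and shows the rewrite that closes that channel. The host name and the sample markup are constructed for the example.

```javascript
// Added example: static check and fix for CWE-1022 ("reverse tabnabbing") links.
// A link opened with target="_blank" and no rel="noopener" gives the opened page
// a window.opener reference, which lets an untrusted site navigate the original
// tab. The scanner flags such links to hosts outside the application's own host;
// hardenAnchor adds rel="noopener noreferrer", the usual mitigation.

const ANCHOR_RE = /<a\b([^>]*)>/gi;   // each <a ...> start tag
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// True when href is an http(s) URL whose host differs from ownHost.
// Relative links resolve against ownHost and therefore count as internal.
function isExternal(href, ownHost) {
  try {
    const url = new URL(href, `https://${ownHost}/`);
    if (url.protocol !== "http:" && url.protocol !== "https:") return false;
    return url.host.toLowerCase() !== ownHost.toLowerCase();
  } catch {
    return false; // unparsable href is not a navigable external link
  }
}

// Returns the href of every anchor that would expose window.opener to an
// external site: target="_blank", external host, no "noopener" in rel.
function findUnsafeExternalLinks(html, ownHost) {
  const unsafe = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const a = parseAttrs(m[1]);
    if (!a.href || (a.target || "").toLowerCase() !== "_blank") continue;
    if (!isExternal(a.href, ownHost)) continue;
    const rel = (a.rel || "").toLowerCase().split(/\s+/);
    if (!rel.includes("noopener")) unsafe.push(a.href);
  }
  return unsafe;
}

// Mitigation: rewrite one <a ...> tag so rel carries noopener and noreferrer,
// keeping any rel tokens it already had.
function hardenAnchor(tag) {
  const attrs = parseAttrs(tag.slice(2, -1));
  const tokens = new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add("noopener");
  tokens.add("noreferrer");
  const withoutRel = tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, "");
  return withoutRel.replace(/^<a\b/i, `<a rel="${[...tokens].join(" ")}"`);
}

// Constructed sample markup standing in for a page such as the QueueWatch UI.
const SAMPLE_HTML = `
<a href="/queue/status" target="_blank">Queue status</a>
<a href="https://partner.example/docs" target="_blank">Partner docs</a>
<a href="https://partner.example/help" target="_blank" rel="noopener noreferrer">Help</a>
<a href="https://other.example/">Plain link</a>`;
```

Current browsers already apply noopener to target="_blank" by default, but an explicit rel attribute keeps older and embedded browsers covered and makes the intent visible in review.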


How can this vulnerability impact me?

The vulnerability can impact you by allowing a remote attacker to expose sensitive information or perform unauthorized actions on your web browser when interacting with the affected IBM Sterling products. This could lead to information disclosure and unauthorized browser-based actions, potentially compromising confidentiality and integrity to a low degree. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, apply the specific APAR fixes provided by IBM: for versions 6.0.0.0 to 6.1.2.7, apply B2Bi 6.1.2.7_1, 6.2.0.5 or 6.2.1.0; for versions 6.2.0.0 to 6.2.0.4, apply B2Bi 6.2.0.5 or 6.2.1.0. These fixes are available on IBM Fix Central for IIM versions and via IBM Entitled Registry for container versions. No workarounds or other mitigations are provided. [1]

