CVE-2025-14504
Received Received - Intake
Cross-Site Scripting in IBM Sterling B2B Integrator UI

Publication date: 2026-03-13

Last updated on: 2026-03-20

Assigner: IBM Corporation

Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14504
EUVD
EUVD-2025-208664
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
ibm sterling_b2b_integrator From 6.1.0.0 (inc) to 6.1.2.8 (exc)
ibm sterling_file_gateway From 6.1.0.0 (inc) to 6.1.2.8 (exc)
ibm sterling_b2b_integrator From 6.2.0.0 (inc) to 6.2.0.5_2 (exc)
ibm sterling_b2b_integrator From 6.2.1.0 (inc) to 6.2.1.1_2 (exc)
ibm sterling_b2b_integrator 6.2.2.0
ibm sterling_file_gateway From 6.2.0.0 (inc) to 6.2.0.5_2 (exc)
ibm sterling_file_gateway From 6.2.1.0 (inc) to 6.2.1.1_2 (exc)
ibm sterling_file_gateway 6.2.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14504 is a cross-site scripting (XSS) vulnerability affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.2.2.0_1. It allows an authenticated user to inject arbitrary JavaScript code into the web user interface of the EBICS server component.

This injected code can alter the intended functionality of the application and potentially lead to the disclosure of credentials within a trusted session.

Impact Analysis

The vulnerability can impact you by allowing an authenticated user to execute arbitrary JavaScript code in the web interface, which can change how the application behaves.

This may lead to the disclosure of sensitive credentials during a trusted session, potentially compromising user accounts and access.

Compliance Impact

I don't know

Detection Guidance

There are no specific detection commands or network/system scanning methods provided for this vulnerability in the available information.

The vulnerability affects IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.2.2.0_1, and it is a cross-site scripting issue exploitable by authenticated users via the web user interface.

Detection would typically involve verifying the affected product versions and monitoring for unusual JavaScript injection attempts in the web UI, but no explicit commands or tools are mentioned.

Mitigation Strategies

The primary and recommended mitigation step is to apply the provided security updates as per APAR IT48563.

  • Upgrade affected IBM Sterling B2B Integrator and IBM Sterling File Gateway versions to fixed versions:
  • - For versions 6.1.0.0 to 6.1.2.7_2: upgrade to 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1
  • - For versions 6.2.0.0 to 6.2.0.5_1: upgrade to 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1
  • - For versions 6.2.1.0 to 6.2.1.1_1: upgrade to 6.2.1.1_2 or 6.2.2.0_1
  • - For version 6.2.2.0: upgrade to 6.2.2.0_1

No workarounds or alternative mitigations are provided, so applying the updates promptly is critical to remediate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14504. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart