CVE-2025-14504
Cross-Site Scripting in IBM Sterling B2B Integrator UI
Publication date: 2026-03-13
Last updated on: 2026-03-20
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| ibm | sterling_b2b_integrator | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_file_gateway | From 6.1.0.0 (inc) to 6.1.2.8 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.0.0 (inc) to 6.2.0.5_2 (exc) |
| ibm | sterling_b2b_integrator | From 6.2.1.0 (inc) to 6.2.1.1_2 (exc) |
| ibm | sterling_b2b_integrator | 6.2.2.0 |
| ibm | sterling_file_gateway | From 6.2.0.0 (inc) to 6.2.0.5_2 (exc) |
| ibm | sterling_file_gateway | From 6.2.1.0 (inc) to 6.2.1.1_2 (exc) |
| ibm | sterling_file_gateway | 6.2.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14504 is a cross-site scripting (XSS) vulnerability affecting IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.2.2.0_1. It allows an authenticated user to inject arbitrary JavaScript code into the web user interface of the EBICS server component.
This injected code can alter the intended functionality of the application and potentially lead to the disclosure of credentials within a trusted session.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user to execute arbitrary JavaScript code in the web interface, which can change how the application behaves.
This may lead to the disclosure of sensitive credentials during a trusted session, potentially compromising user accounts and access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network/system scanning methods provided for this vulnerability in the available information.
The vulnerability affects IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.1.0.0 through 6.2.2.0_1, and it is a cross-site scripting issue exploitable by authenticated users via the web user interface.
Detection would typically involve verifying the affected product versions and monitoring for unusual JavaScript injection attempts in the web UI, but no explicit commands or tools are mentioned.
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to apply the provided security updates as per APAR IT48563.
- Upgrade affected IBM Sterling B2B Integrator and IBM Sterling File Gateway versions to fixed versions:
- - For versions 6.1.0.0 to 6.1.2.7_2: upgrade to 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1
- - For versions 6.2.0.0 to 6.2.0.5_1: upgrade to 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1
- - For versions 6.2.1.0 to 6.2.1.1_1: upgrade to 6.2.1.1_2 or 6.2.2.0_1
- - For version 6.2.2.0: upgrade to 6.2.2.0_1
No workarounds or alternative mitigations are provided, so applying the updates promptly is critical to remediate the vulnerability.