CVE-2026-0835
Received Received - Intake
Cross-Site Scripting in IBM Sterling B2B Integrator UI

Publication date: 2026-03-13

Last updated on: 2026-03-20

Assigner: IBM Corporation

Description
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-20
Generated
2026-05-07
AI Q&A
2026-03-13
EPSS Evaluated
2026-05-05
NVD
CVE-2026-0835
EUVD
EUVD-2026-12067
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
ibm sterling_b2b_integrator From 6.1.0.0 (inc) to 6.1.2.8 (exc)
ibm sterling_file_gateway From 6.1.0.0 (inc) to 6.1.2.8 (exc)
ibm sterling_b2b_integrator From 6.2.0.0 (inc) to 6.2.0.5_2 (exc)
ibm sterling_b2b_integrator From 6.2.1.0 (inc) to 6.2.1.1_2 (exc)
ibm sterling_b2b_integrator 6.2.2.0
ibm sterling_file_gateway From 6.2.0.0 (inc) to 6.2.0.5_2 (exc)
ibm sterling_file_gateway From 6.2.1.0 (inc) to 6.2.1.1_2 (exc)
ibm sterling_file_gateway 6.2.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-0835 is a reflected Cross-Site Scripting (XSS) vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway, specifically in the Advanced File Transfer (AFT) component. It affects versions from 6.1.0.0 through 6.2.2.0_1. This vulnerability allows an authenticated user to inject arbitrary JavaScript code into the web user interface.

The injected code can alter the intended functionality of the web interface and potentially lead to the disclosure of credentials within a trusted session.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing an authenticated user to execute arbitrary JavaScript code in the web interface, which can change how the application behaves.

Such an attack could lead to the disclosure of sensitive credentials during a trusted session, potentially compromising user accounts and access.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-0835 vulnerability, you should apply APAR IT48958 and upgrade your IBM Sterling B2B Integrator or IBM Sterling File Gateway to the fixed versions.

  • For versions 6.1.0.0 through 6.1.2.7_2, upgrade to 6.1.2.8, 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1.
  • For versions 6.2.0.0 through 6.2.0.5_1, upgrade to 6.2.0.5_2, 6.2.1.1_2, or 6.2.2.0_1.
  • For versions 6.2.1.0 through 6.2.1.1_1, upgrade to 6.2.1.1_2 or 6.2.2.0_1.
  • For version 6.2.2.0, upgrade to 6.2.2.0_1.

The fixed versions are available on IBM Fix Central (IIM versions) and IBM Entitled Registry (container versions). No workarounds or alternative mitigations are provided.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart