IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery
IBM Sterling B2B Integrator has addressed the cross-site request forgery security vulnerability within the dashboard.
Vulnerability Details
CVEID: CVE-2022-35638
Description: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
Remediation/Fixes
IIM versions 6.0.3.9 and 6.1.2.3 are available on Fix Central. IIM version 6.2.0.0 is available on Passport Advantage.
Container versions 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.
Workarounds and Mitigations
None.