Security Bulletin: The B2B API of IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-2694)

Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2025-2694 DESCRIPTION: IBM Sterling B2B Integrator CWE:CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS Source: IBM CVSS Base score: 4.8 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Sterling B2B Integrator and IBM Sterling File Gateway| 6.0.0.0 – 6.1.2.7_1 IBM Sterling B2B Integrator and IBM Sterling File Gateway| 6.2.0.0 – 6.2.0.4 Remediation/Fixes Version| APAR| Remediation & Fix —|—|— IBM Sterling B2B Integrator and IBM Sterling File Gateway| 6.0.0.0 – 6.1.2.7_1| IT47981| Apply B2Bi 6.1.2.7_2. 6.2.0.5 or 6.2.1.1 IBM Sterling B2B Integrator and IBM Sterling File Gateway| 6.2.0.0 – 6.2.0.4| IT47981| Apply B2Bi 6.2.0.5 or 6.2.1.1 The IIM versions of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available on Fix Central. The container version of 6.1.2.7_2, 6.2.0.5 and 6.2.1.1 are available in IBM Entitled Registry. Workarounds and Mitigations…Read More