CVE-2024-31903 HIGH

CVE-2024-31903: IBM Sterling B2B Integrator Standard Edition code execution

Vendor Ibm

Product Sterling B2B Integrator Standard Edition

Weakness CWE-502 · Unsafe deserialization

Published January 22, 2025

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.

Key dates

02Disclosure timeline

January 22, 2025 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-31903 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2024-31903

CWE CWE-502

CVSS 8.8 / HIGH

Affected versions

Vendor Ibm

Product Sterling B2B Integrator Standard Edition

Affected ≥ 6.0.0.0 and ≤ 6.1.2.5

Vendor Ibm

Product Sterling B2B Integrator Standard Edition

Affected ≥ 6.2.0.0 and ≤ 6.2.0.2

CVE-2024-31903: IBM Sterling B2B Integrator Standard Edition code execution

01Description

02Disclosure timeline

03References

04Related CVE