CVE-2025-33014

IBM Sterling B2B Integrator and IBM Sterling File Gateway link injection

CVSS 5.4 MEDIUM | EPSS 0.2% | CWE-1022

In short

IBM Sterling B2B Integrator and File Gateway contain a flaw where web links can point to untrusted external websites. An attacker could trick users into clicking these links to steal sensitive information or perform unwanted actions in their browsers.

Technical detail

A CWE-1022 link injection vulnerability in IBM Sterling B2B Integrator and File Gateway (versions 6.0.0.0–6.1.2.7 and 6.2.0.0–6.2.0.4) allows remote attackers to inject malicious external links into the application interface. Exploitation requires user interaction (clicking the link) and can result in credential theft, unauthorized transactions, or information disclosure via the victim's authenticated session.

Summary generated and translated by AI from the official description.
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
