PT-2024-24275 · Ibm · Ibm Sterling B2B Integrator Standard Edition

·

CVE-2024-31903

·

Published

2024-10-04

·

Updated

2025-02-24

CVSS v3.1

8.8

High

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator Standard Edition versions 6.2.0.0 through 6.2.0.2
Description The issue allows an attacker on the local network to execute arbitrary code on the system due to the deserialization of untrusted data.
Recommendations For versions 6.0.0.0 through 6.1.2.5, update to a version that includes the patch for this issue. For versions 6.2.0.0 through 6.2.0.2, update to a version that includes the patch for this issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

LPE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2025-02400
CVE-2024-31903

Affected Products

Ibm Sterling B2B Integrator Standard Edition