Medium Severity

Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)

IBM Sterling B2B Integrator has addressed a stored cross-site scripting vulnerability in the Web UI.

CVE(s): CVE-2021-29764

Affected product(s) and affected version(s):

| Affected Product(s) | APAR(s) | Version(s) |
|---|---|---|
| IBM Sterling B2B Integrator | IT37031 | 5.2.0.0 – 5.2.6.5_4 |
| IBM Sterling B2B Integrator | IT37031 | 6.0.0.0 – 6.0.0.6, 6.0.1.0 – 6.0.3.4 |
| IBM Sterling B2B Integrator | IT37031 | 6.1.0.0 – 6.1.0.3 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6495967
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202268
