Medium Severity

Security Bulletin: Cross-Site Scripting Vulnerability Affects Dashboard UI of IBM Sterling B2B Integrator (CVE-2021-29764)

IBM Sterling B2B Integrator has addressed a stored cross-site scripting vulnerability in the Web UI.

CVE(s): CVE-2021-29764

Affected product(s) and affected version(s):

| Affected Product(s) | APAR(s) | Version(s) |
|---|---|---|
| IBM Sterling B2B Integrator | IT37031 | 5.2.0.0 – 5.2.6.5_4 |
| IBM Sterling B2B Integrator | IT37031 | 6.0.0.0 – 6.0.0.6, 6.0.1.0 – 6.0.3.4 |
| IBM Sterling B2B Integrator | IT37031 | 6.1.0.0 – 6.1.0.3 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6495967
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202268
