IBM Sterling B2B Integrator RCE via Deserialization 6.0.0.0-6.2.0.2
CVE-2024-31903 Published on January 22, 2025
IBM Sterling B2B Integrator Standard Edition code execution
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
Vulnerability Analysis
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-31903 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-31903
Affected Versions
IBM Sterling B2B Integrator Standard Edition:
- Version 6.0.0.0, <= 6.1.2.5 is affected.
- Version 6.2.0.0, <= 6.2.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.