VYPR
Medium severity 5.4 · NVD Advisory · Published Jun 23, 2017 · Updated May 13, 2026

CVE-2017-1348


Description

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Sterling B2B Integrator 5.2 is vulnerable to stored cross-site scripting in the Web UI, allowing authenticated users to inject arbitrary JavaScript leading to credential disclosure.

Vulnerability

IBM Sterling B2B Integrator Standard Edition version 5.2 is vulnerable to a cross-site scripting (XSS) flaw, as described in the advisory [1]. The vulnerability resides in the Web UI and allows users to embed arbitrary JavaScript code. Affected versions include IBM Sterling B2B Integrator Standard Edition 5.2.

Exploitation

An authenticated user with low privileges can inject malicious JavaScript code into the Web UI. The attack requires user interaction, as the injected script executes in the context of a trusted session when a victim user views the crafted content. The CVSS vector indicates network-based exploitation with low complexity [1].

Impact

Successful exploitation could lead to credentials disclosure within the context of a trusted session. The attacker can alter intended functionality, potentially accessing sensitive information or performing actions on behalf of the victim, with low impact on confidentiality and integrity [1].

Mitigation

IBM has released a fix as part of a security bulletin [1]. Administrators should apply the latest patches as provided in the IBM support document. No workarounds are documented; upgrading to the fixed version is the recommended mitigation.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
