CVE-2024-31903

HIGH

IBM Sterling B2B Integrator < 6.1.2.5 - Insecure Deserialization

Title source: rule

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system. The vulnerability is caused by the deserialization of untrusted data.

Exploits (1)

nomisec WORKING POC 1 stars
by ReversecLabs · poc
https://github.com/ReversecLabs/ibm-sterling-b2b-integrator-poc

Scores

CVSS v3 8.8
EPSS 0.1819
EPSS Percentile 95.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

ibm/sterling_b2b_integrator < 6.1.2.5

Timeline

Published Jan 22, 2025
Tracked Since Feb 18, 2026