CVE-2024-31903

HIGH

IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 & 6.2.0.0-6.2.0.2 - RCE via Untrusted Deserialization

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-31903. PoCs published by ReversecLabs.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2024-31903, a pre-auth deserialization RCE vulnerability in IBM Sterling B2B Integrator. The exploit leverages Java deserialization to execute arbitrary commands on vulnerable systems, with additional tools for establishing a reverse shell.

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.

Exploits (1)

nomisec WORKING POC 1 stars
by ReversecLabs · poc
https://github.com/ReversecLabs/ibm-sterling-b2b-integrator-poc

Classification
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IBM Sterling B2B Integrator versions 6.2.0.0 to 6.2.0.2, and 6.0.0.0 to 6.1.2.5
No auth needed
Prerequisites: Access to the target system's network · Java JDK for compilation · Relevant JAR files from IBM Sterling B2B Integrator
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Vendor Advisory
https://www.ibm.com/support/pages/node/7172233

Scores

CVSS v3 8.8
EPSS 0.0097
EPSS Percentile 57.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-502
Status published
Products (1)
ibm/sterling_b2b_integrator 6.0.0.0 - 6.1.2.5
Published Jan 22, 2025
Tracked Since Feb 18, 2026