CVE-2023-50316

Medium

Published: 28 January 2025

Published

28 January 2025

Modified

05 March 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0018 38.7th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Security Summary

CVE-2023-50316 is a SQL injection vulnerability (CWE-89) in IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1. Published on 2025-01-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The flaw enables a remote attacker to send specially crafted SQL statements that interact with the back-end database.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants the ability to view, add, modify, or delete information in the back-end database, potentially compromising data integrity and confidentiality.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7176072 with details on the vulnerability.

Details

CWE(s): CWE-89

Affected Products

ibm

sterling b2b integrator

6.0.0.0 — 6.1.2.5 · 6.2.0.0 — 6.2.0.1

References

https://www.ibm.com/support/pages/node/7176072
Not Applicable · psirt@us.ibm.com