Description

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 use a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victim's web browser.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-18 | Updated 2025-08-18 | Assigner ibm




MEDIUM: 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-1022 Use of Web Link to Untrusted Target with window.opener Access

Product status

Default status
unaffected

6.0.0.0 (semver)
affected

6.2.0.0 (semver)
affected

Default status
unaffected

6.0.0.0 (semver)
affected

6.2.0.0 (semver)
affected

References

www.ibm.com/support/pages/node/7240065 vendor-advisory patch

cve.org (CVE-2025-33014)

nvd.nist.gov (CVE-2025-33014)