CVE-2024-31903

moderate-risk

Published 2025-01-22

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.

Do I need to act?

18.2% chance of exploitation in next 30 days

EPSS score — higher than 82% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Sterling B2B Integrator

Affected Vendors

Ibm

References (1)

Vendor Advisory https://www.ibm.com/support/pages/node/7172233

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 13/34 · Low

Exposure 5/34 · Minimal