Severity
High
Analysis Summary
CVE-2025-1348 CVSS:4
IBM Sterling B2B Integrator and IBM Sterling File Gateway could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
CVE-2025-1349 CVSS:5.5
IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2024-54172 CVSS:4.3
IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-54183 CVSS:5.4
IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Impact
- Information Disclosure
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-1348
CVE-2025-1349
CVE-2024-54172
CVE-2024-54183
Affected Vendors
- IBM
Affected Products
- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 - 6.1.2.6
- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.2.0.0 - 6.2.0.4
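To triage an inventory against the two affected ranges listed above, the following added example (not IBM's code and not part of the original advisory) compares four-part version strings numerically, so that a value such as 6.1.10.0 is not mistaken for one below 6.1.2.6. The function names, hostnames and sample versions are constructed for illustration; strings that are not plain N.N.N.N are returned as "unknown" for manual review.

```python
import re

# Inclusive ranges copied from the "Affected Products" list on this page.
AFFECTED_RANGES = [
    ((6, 0, 0, 0), (6, 1, 2, 6)),
    ((6, 2, 0, 0), (6, 2, 0, 4)),
]
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'not-listed', or 'unknown' (needs manual review)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    for low, high in AFFECTED_RANGES:
        # Tuple comparison is numeric per component, unlike string comparison.
        if low <= version <= high:
            return "affected"
    # The page lists only these ranges; it makes no claim about other versions.
    return "not-listed"

def triage(inventory):
    """Map each status to the sorted hostnames that fall under it."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, version_text in inventory.items():
        result[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "b2bi-prod-01": "6.1.2.6",
    "b2bi-prod-02": "6.1.2.7",
    "sfg-dmz-01": "6.2.0.4",
    "b2bi-test-01": "6.1.10.0",
    "b2bi-legacy": "5.2.6.5",
    "sfg-lab": "6.2.0.x",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```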
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.