CVE-2024-31903 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-31903 PUBLISHED CVSS 8.800000190734863 HIGH

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.

EPSS 18.19% · 95.1th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

18.19%

95.1th percentile

Affected Products

Vendor	Product	Versions
ibm	sterling_b2b_integrator	6.0.0.0, 6.2.0.0
IBM	Sterling B2B Integrator Standard Edition	6.0.0.0, 6.2.0.0

Timeline

Oct 11, 2024 CVE Published
Jan 22, 2025 PoC Published
Jan 22, 2025 PoC Published
Jan 22, 2025 PoC Published
Jan 22, 2025 PoC Published
Jan 23, 2025 EPSS Score
Feb 2, 2025 Coalition ESS Score
Feb 21, 2025 EPSS Score
Mar 13, 2025 Coalition ESS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 21, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7172233 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-31903 advisory
https://www.ibm.com/support/pages/node/7172211 advisory
https://www.ibm.com/support/pages/node/7172678 advisory

Open in Interactive Console →