{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31903", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-04-07T12:45:07.197Z", "datePublished": "2025-01-22T16:08:02.810Z", "dateUpdated": "2025-02-12T20:41:23.769Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.5:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.2:*:*:*:standard:*:*:*"], "defaultStatus": "unaffected", "product": "Sterling B2B Integrator Standard Edition", "vendor": "IBM", "versions": [{"lessThanOrEqual": "6.1.2.5", "status": "affected", "version": "6.0.0.0", "versionType": "semver"}, {"lessThanOrEqual": "6.2.0.2", "status": "affected", "version": "6.2.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Sterling B2B Integrator Standard Edition&nbsp;6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.</span><br><br>"}], "value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-22T16:13:37.803Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7172233"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Sterling B2B Integrator Standard Edition code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-22T17:34:46.098805Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:23.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-22T17:34:46.098805Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:33:45.607Z"}}], "cna": {"title": "IBM Sterling B2B Integrator Standard Edition code execution", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.5:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*", "cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.2:*:*:*:standard:*:*:*"], "vendor": "IBM", "product": "Sterling B2B Integrator Standard Edition", "versions": [{"status": "affected", "version": "6.0.0.0", "versionType": "semver", "lessThanOrEqual": "6.1.2.5"}, {"status": "affected", "version": "6.2.0.0", "versionType": "semver", "lessThanOrEqual": "6.2.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7172233", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Sterling B2B Integrator Standard Edition&nbsp;6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.</span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-22T16:13:37.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31903", "state": "PUBLISHED", "dateUpdated": "2025-02-12T20:41:23.769Z", "dateReserved": "2024-04-07T12:45:07.197Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-22T16:08:02.810Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling B2B Integrator Standard Edition\u00a06.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data."}], "id": "CVE-2024-31903", "lastModified": "2025-01-22T16:15:29.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-01-22T16:15:29.030", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7172233"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}