CVE-2024-54172 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Request Forgery

June 18, 2025

CVE ID : CVE-2024-54172

Published : June 18, 2025, 5:15 p.m. | 1 hour, 2 minutes ago

Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1349 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting

Next Article RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices

Highlights

CVE-2025-20188 – Cisco IOS XE Software Wireless LAN Controllers Unauthenticated Remote File Upload and Command Execution Vulnerability

May 7, 2025

CVE ID : CVE-2025-20188

Published : May 7, 2025, 6:15 p.m. | 1 hour, 29 minutes ago

Description : A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.

This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.

Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2024-54172 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Request Forgery

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

I love Linux, so when Windows 10 reaches end of life you might be surprised when I don’t tell you to run to it with open arms

CVE-2025-52819 – Pakkemx Pakke Envíos SQL Injection Vulnerability

Windows 11 news and updates: EU forces Microsoft to make DMA changes as “Edge Game Assist” launches for all PCs

CVE-2025-3530 – WordPress Simple Shopping Cart Price Tampering Vulnerability

CVE-2025-20188 – Cisco IOS XE Software Wireless LAN Controllers Unauthenticated Remote File Upload and Command Execution Vulnerability

Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

CVE-2025-48374 – Zot Keycloak Client Secret Disclosure

CVE-2024-54172 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Request Forgery

Related Posts