CVE-2023-50316

Medium

Published: 28 January 2025

Published

28 January 2025

Modified

05 March 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0018 38.6th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-50316 is a medium-severity SQL Injection (CWE-89) vulnerability in Ibm Sterling B2B Integrator. Its CVSS base score is 6.3 (Medium).

Operationally, ranked at the 38.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents SQL injection attacks like CVE-2023-50316 by validating and sanitizing all user inputs before processing by the back-end database.

SI-2 Flaw Remediation good match

prevent

Addresses the root cause of CVE-2023-50316 by requiring timely identification, testing, and deployment of patches for the specific SQL injection flaw in IBM Sterling B2B Integrator.

SI-9 Information Input Restrictions partial match

prevent

Supports mitigation of CVE-2023-50316 by restricting input types, formats, and lengths to block specially crafted SQL statements.

NVD Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end…

database.

Deeper analysisAI

CVE-2023-50316 is a SQL injection vulnerability (CWE-89) in IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1. Published on 2025-01-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The flaw enables a remote attacker to send specially crafted SQL statements that interact with the back-end database.

A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants the ability to view, add, modify, or delete information in the back-end database, potentially compromising data integrity and confidentiality.

IBM has published a security advisory at https://www.ibm.com/support/pages/node/7176072 with details on the vulnerability.

Details

CWE(s): CWE-89

Affected Products

ibm

sterling b2b integrator

6.0.0.0 — 6.1.2.5 · 6.2.0.0 — 6.2.0.1

CVEs Like This One

CVE-2023-38739Same product: Ibm Sterling B2B Integrator

CVE-2024-31903Same product: Ibm Sterling B2B Integrator

CVE-2025-36368Same product: Ibm Sterling B2B Integrator

CVE-2024-35148Same vendor: Ibm

CVE-2026-1264Same product: Ibm Sterling B2B Integrator

CVE-2025-14031Same product: Ibm Sterling B2B Integrator

CVE-2025-13379Same vendor: Ibm

CVE-2025-13214Same vendor: Ibm

CVE-2025-36070Same vendor: Ibm

CVE-2023-49886Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7176072
Not Applicable · psirt@us.ibm.com