CVE-2024-27263
Published: 28 January 2025
Summary
CVE-2024-27263 is a medium-severity Channel Accessible by Non-Endpoint (CWE-300) vulnerability in Ibm Sterling B2B Integrator. Its CVSS base score is 5.3 (Medium).
Operationally, ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-24502
Vulnerability details
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures only authenticated endpoints can access the communication channel, blocking unauthorized non-endpoint access.
Physically restricts transmission channels so they cannot be accessed or tapped by non-endpoint actors within facilities.
Periodic TSCM surveys identify unauthorized access points or taps that make communication channels reachable by non-endpoint adversaries.
Explicitly isolates the communications path so it cannot be accessed or intercepted by non-endpoint entities during security functions.
Restrictions and channel controls reduce the chance that VoIP media or signaling streams remain accessible to non-participants.
Directly prevents non-endpoint access or interception of the session communication path.
An out-of-band channel is inaccessible to non-endpoints that can observe or interfere with the primary communication channel.
The control restricts an inherently broadcast wireless channel to only intended endpoints, mitigating accessibility by non-endpoints.