5 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246976 https://www.ibm.com/support/pages/node/7014933 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076. • https://www.ibm.com/support/pages/node/7014929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM 10x, tal como se utiliza en Multi-Enterprise Integration Gateway 1.x hasta la versión 1.0.0.1 y B2B Advanced Communications en versiones anteriores a 1.0.0.5_2, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21991148 http://www.securityfocus.com/bid/93277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. IBM Multi-Enterprise Integration Gateway 1.0 hasta la versión 1.0.0.1 y B2B Advanced Communications 1.0.0.2 hasta la versión 1.0.0.4 no requiren HTTPS, lo que podría permitir a atacantes remotos obtener información sensible husmeando la red. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT14835 http://www-01.ibm.com/support/docview.wss?uid=swg21981462 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses. IBM Multi-Enterprise Integration Gateway 1.0 hasta la versión 1.0.0.1 y B2B Advanced Communications 1.x en versiones anteriores a 1.0.0.4, cuando se configura el acceso de invitado, permite a usuarios remotos autenticados obtener información sensible leyendo mensajes de error en respuestas. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573 http://www-01.ibm.com/support/docview.wss?uid=swg21972480 http://www.securityfocus.com/bid/79681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •