29 results (0.011 seconds)

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permiten que atacantes remotos obtengan información sensible del producto mediante vectores relacionados con una página de error. IBM X-Force ID: 92072. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. La interfaz de usuario administrativo Active MQ en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del número de puerto y la ruta de la webapp. IBM X-Force ID: 92259. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92259 • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Una vulnerabilidad de tipo XML External Entity (XXE) en las versiones 5.1 y 5.2 de IBM Sterling B2B Integrator y las versiones 2.1 y 2.2 de IBM Sterling File Gateway permite a los atacantes leer archivos arbitrarios utilizando datos XML manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733 http://www-01.ibm.com/support/docview.wss?uid=swg21699482 http://www.securityfocus.com/bid/73401 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente manipulada a un servidor vulnerable ejecutándose para provocar que el servidor revele información sensible en la respuesta HTTP. • http://www.ibm.com/support/docview.wss?uid=swg21981549 http://www.securityfocus.com/bid/90527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 97%CPEs: 21EXPL: 1

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la clase InvokerTransformer en la librería Apache Commons Collections. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands • https://www.exploit-db.com/exploits/41613 http://www-01.ibm.com/support/docview.wss?uid=swg21970575 http://www-01.ibm.com/support/docview.wss?uid=swg21971342 http://www-01.ibm.com/support/docview.wss?uid=swg21971376 http://www-01.ibm.com/support/docview.wss?uid=swg21971733 http://www-01.ibm.com/support/docview.wss? •