CVE-2022-33959 – IBM Sterling Order Management privilege escalation
https://notcve.org/view.php?id=CVE-2022-33959
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229320 https://www.ibm.com/support/pages/node/6981911 •
CVE-2022-34333 – IBM Sterling Order Management information disclosure
https://notcve.org/view.php?id=CVE-2022-34333
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229698 https://www.ibm.com/support/pages/node/6981917 • CWE-521: Weak Password Requirements •
CVE-2021-20554
https://notcve.org/view.php?id=CVE-2021-20554
IBM Sterling Order Management 9.4, 9.5, and 10.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199179 https://www.ibm.com/support/pages/node/6493881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1911
https://notcve.org/view.php?id=CVE-2015-1911
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21700864 http://www.securityfocus.com/bid/74224 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0932
https://notcve.org/view.php?id=CVE-2014-0932
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT00419 http://www-01.ibm.com/support/docview.wss?uid=swg21670912 http://www.securityfocus.com/bid/66993 https://exchange.xforce.ibmcloud.com/vulnerabilities/92264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •