CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29736
https://notcve.org/view.php?id=CVE-2021-29736
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un usuario remoto alcanzar privilegios elevados en el sistema. IBM X-Force ID: 201300 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201300 https://www.ibm.com/support/pages/node/6476678 •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 2CVE-2021-20562 – IBM Sterling B2B Integrator Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-20562
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta la versión 5.2.6.5_3 y versiones 6.1.0.0 hasta la versión 6.1.0.2 son vulnerables a las secuencias de comandos entre sitios. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la web, lo que altera la funcionalidad prevista y puede conducir a la divulgación de credenciales en una sesión de confianza. • http://packetstormsecurity.com/files/164782/IBM-Sterling-B2B-Integrator-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2021/Nov/16 https://exchange.xforce.ibmcloud.com/vulnerabilities/199232 https://www.ibm.com/support/pages/node/6475301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29754
https://notcve.org/view.php?id=CVE-2021-29754
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es suceptible a una vulnerabilidad de escalada de privilegios cuando se usa el SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202006 https://www.ibm.com/support/pages/node/6462627 •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20501
https://notcve.org/view.php?id=CVE-2021-20501
IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. IBM i versiones 7.1, 7.2, 7.3 y 7.4 SMTP, permite a un atacante de red enviar correos electrónicos a destinatarios de dominio local inexistentes en el servidor SMTP, debido al uso de una configuración no predeterminada. Un atacante podría explotar esta vulnerabilidad para consumir ancho de banda de red y espacio en disco innecesarios, y permitir a atacantes remotos enviar correo electrónico no deseado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198056 https://www.ibm.com/support/pages/node/6445505 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20480
https://notcve.org/view.php?id=CVE-2021-20480
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. IBM WebSphere Application Server versiones 7.0, 8.0 y 8.5, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante autenticado remotamente podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197502 https://www.ibm.com/support/pages/node/6441063 • CWE-918: Server-Side Request Forgery (SSRF) •