CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1563 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1563
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://www.exploit-db.com/exploits/45190 http://www.ibm.com/support/docview.wss?uid=ibm10717031 http://www.securityfocus.com/bid/104910 https://exchange.xforce.ibmcloud.com/vulnerabilities/142967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1564
https://notcve.org/view.php?id=CVE-2018-1564
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. IBM Sterling B2B Integrator Standard Edition desde la versión 5.2 hasta la 5.2.6 podría permitir que un usuario local con privilegios de administrador obtenga contraseñas de usuario halladas en mensajes de depuración. IBM X-Force ID: 142968. • http://www.ibm.com/support/docview.wss?uid=ibm10716747 http://www.securityfocus.com/bid/104927 https://exchange.xforce.ibmcloud.com/vulnerabilities/142968 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1633
https://notcve.org/view.php?id=CVE-2017-1633
IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180. IBM Sterling B2B Integrator desde la versión 5.2 hasta la 5.2.6 podría permitir que un atacante autenticado obtenga información sensible de nombres de variables mediante peticiones HTTP especialmente manipuladas. IBM X-Force ID: 133180. • http://www.ibm.com/support/docview.wss?uid=ibm10716747 http://www.securityfocus.com/bid/104927 https://exchange.xforce.ibmcloud.com/vulnerabilities/133180 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1496
https://notcve.org/view.php?id=CVE-2017-1496
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694. IBM Sterling B2B Integrator Standard Edition versión 5.2.x es vulnerable a ataque de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Web UI, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22006175 https://exchange.xforce.ibmcloud.com/vulnerabilities/128694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6020
https://notcve.org/view.php?id=CVE-2016-6020
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition podrían permitir a un atacante remoto llevar a cabo ataques de phishing, utilizando un ataque de redirección abierta. Al persuadir a una victima para visitar un sitio Web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio Web malicioso que parece ser de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995794 http://www.securityfocus.com/bid/95098 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •