CVE-2020-4655
https://notcve.org/view.php?id=CVE-2020-4655
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir a un atacante visualizar, agregar, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186091 https://www.ibm.com/support/pages/node/6367995 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-4566
https://notcve.org/view.php?id=CVE-2020-4566
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. IBM Sterling B2B Integrator Standard Edition versiones 5.2.6.0 hasta 5.2.6.5 y 6.0.0.0 hasta 6.0.3.2, almacena información potencialmente muy confidencial en archivos de registro que pueden ser leídos por un usuario autenticado. IBM X-Force ID: 184083 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184083 https://www.ibm.com/support/pages/node/6367975 •
CVE-2020-4475
https://notcve.org/view.php?id=CVE-2020-4475
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.2, podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/181777 https://www.ibm.com/support/pages/node/6367963 •
CVE-2020-4564
https://notcve.org/view.php?id=CVE-2020-4564
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1 e IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, es vulnerable ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183933 https://www.ibm.com/support/pages/node/6349533 https://www.ibm.com/support/pages/node/6349539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4680
https://notcve.org/view.php?id=CVE-2019-4680
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.2.2, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, agregar, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171733 https://www.ibm.com/support/pages/node/6349515 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •