CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1132
https://notcve.org/view.php?id=CVE-2017-1132
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, es vulnerable a un problema de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando la funcionalidad deseada lo que conlleva a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22004199 http://www.securityfocus.com/bid/99233 https://exchange.xforce.ibmcloud.com/vulnerabilities/121418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9982
https://notcve.org/view.php?id=CVE-2016-9982
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario identificado obtener información confidencial, tales como listas de cuentas debido a un control de acceso inapropiado. ID de IBM X-Force: 120274. • http://www.ibm.com/support/docview.wss?uid=swg22004273 http://www.securityfocus.com/bid/99197 https://exchange.xforce.ibmcloud.com/vulnerabilities/120274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1326
https://notcve.org/view.php?id=CVE-2017-1326
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. IBM Sterling File Gateway no restringe correctamente las peticiones de usuario en base al nivel de permisos. Esto permite que los usuarios actualicen datos relacionados con otros usuarios manipulando los parámetros que se pasan en la petición POST. • http://www.ibm.com/support/docview.wss?uid=swg22004274 http://www.securityfocus.com/bid/99183 https://exchange.xforce.ibmcloud.com/vulnerabilities/126060 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9983
https://notcve.org/view.php?id=CVE-2016-9983
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario autenticado con privilegios especiales visualizar archivos a los que no debería tener acceso. ID de IBM X-Force: 120275. • http://www.ibm.com/support/docview.wss?uid=swg22004273 http://www.securityfocus.com/bid/99198 https://exchange.xforce.ibmcloud.com/vulnerabilities/120275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0210
https://notcve.org/view.php?id=CVE-2016-0210
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente manipulada a un servidor vulnerable ejecutándose para provocar que el servidor revele información sensible en la respuesta HTTP. • http://www.ibm.com/support/docview.wss?uid=swg21981549 http://www.securityfocus.com/bid/90527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •