CVE-2020-4870
https://notcve.org/view.php?id=CVE-2020-4870
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. IBM MQ versiones 9.2 CD y LTS, son vulnerables a un ataque de denegación de servicio causado por un error al procesar unas aplicaciones de conexión. IBM X-Force ID: 190833 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190833 https://www.ibm.com/support/pages/node/6380742 https://www.ibm.com/support/pages/node/6386466 •
CVE-2020-4658
https://notcve.org/view.php?id=CVE-2020-4658
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 https://www.ibm.com/support/pages/node/6382416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 https://www.ibm.com/support/pages/node/6382414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ataques contra el sistema. IBM X-Force ID: 172753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 https://www.ibm.com/support/pages/node/6380390 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-4937
https://notcve.org/view.php?id=CVE-2020-4937
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.2, usa algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 191814 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191814 https://www.ibm.com/support/pages/node/6370795 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •