CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6020
https://notcve.org/view.php?id=CVE-2016-6020
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition podrían permitir a un atacante remoto llevar a cabo ataques de phishing, utilizando un ataque de redirección abierta. Al persuadir a una victima para visitar un sitio Web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio Web malicioso que parece ser de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995794 http://www.securityfocus.com/bid/95098 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3057
https://notcve.org/view.php?id=CVE-2016-3057
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790 http://www-01.ibm.com/support/docview.wss?uid=swg21989578 http://www.securityfocus.com/bid/94389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5890
https://notcve.org/view.php?id=CVE-2016-5890
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 http://www-01.ibm.com/support/docview.wss?uid=swg21989577 http://www.securityfocus.com/bid/94391 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7431
https://notcve.org/view.php?id=CVE-2015-7431
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04830 http://www-01.ibm.com/support/docview.wss?uid=swg21970676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7438
https://notcve.org/view.php?id=CVE-2015-7438
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible de servicios web en texto plano aprovechando el acceso a la base de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09929 http://www-01.ibm.com/support/docview.wss?uid=swg21971012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •