CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7437
https://notcve.org/view.php?id=CVE-2015-7437
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99482 http://www-01.ibm.com/support/docview.wss?uid=swg21970927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 97%CPEs: 21EXPL: 1CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la clase InvokerTransformer en la librería Apache Commons Collections. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands • https://www.exploit-db.com/exploits/41613 http://www-01.ibm.com/support/docview.wss?uid=swg21970575 http://www-01.ibm.com/support/docview.wss?uid=swg21971342 http://www-01.ibm.com/support/docview.wss?uid=swg21971376 http://www-01.ibm.com/support/docview.wss?uid=swg21971733 http://www-01.ibm.com/support/docview.wss? •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7410
https://notcve.org/view.php?id=CVE-2015-7410
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. La herramienta Health Check en IBM Sterling B2B Integrator 5.2 no utiliza correctamente las cookies en conjunción con sesiones HTTPS, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972676 http://www.securityfocus.com/bid/79685 • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5019
https://notcve.org/view.php?id=CVE-2015-5019
IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. IBM Sterling Integrator 5.1 en versiones anteriores a 5010004_8 y Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_9 permite a usuarios remotos autenticados leer o cargar archivos aprovechando un requerimiento de cambio de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008 http://www-01.ibm.com/support/docview.wss?uid=swg21967781 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4992
https://notcve.org/view.php?id=CVE-2015-4992
IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_8 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10723 http://www-01.ibm.com/support/docview.wss?uid=swg21965734 • CWE-20: Improper Input Validation •