Page 15 of 115 results (0.038 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. IBM Sterling File Gateway no restringe correctamente las peticiones de usuario en base al nivel de permisos. Esto permite que los usuarios actualicen datos relacionados con otros usuarios manipulando los parámetros que se pasan en la petición POST. • http://www.ibm.com/support/docview.wss?uid=swg22004274 http://www.securityfocus.com/bid/99183 https://exchange.xforce.ibmcloud.com/vulnerabilities/126060 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario autenticado con privilegios especiales visualizar archivos a los que no debería tener acceso. ID de IBM X-Force: 120275. • http://www.ibm.com/support/docview.wss?uid=swg22004273 http://www.securityfocus.com/bid/99198 https://exchange.xforce.ibmcloud.com/vulnerabilities/120275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente manipulada a un servidor vulnerable ejecutándose para provocar que el servidor revele información sensible en la respuesta HTTP. • http://www.ibm.com/support/docview.wss?uid=swg21981549 http://www.securityfocus.com/bid/90527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition podrían permitir a un atacante remoto llevar a cabo ataques de phishing, utilizando un ataque de redirección abierta. Al persuadir a una victima para visitar un sitio Web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio Web malicioso que parece ser de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995794 http://www.securityfocus.com/bid/95098 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790 http://www-01.ibm.com/support/docview.wss?uid=swg21989578 http://www.securityfocus.com/bid/94389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •