Page 16 of 115 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 http://www-01.ibm.com/support/docview.wss?uid=swg21989577 http://www.securityfocus.com/bid/94391 • CWE-255: Credentials Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04830 http://www-01.ibm.com/support/docview.wss?uid=swg21970676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible de servicios web en texto plano aprovechando el acceso a la base de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09929 http://www-01.ibm.com/support/docview.wss?uid=swg21971012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99482 http://www-01.ibm.com/support/docview.wss?uid=swg21970927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 97%CPEs: 21EXPL: 1

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la clase InvokerTransformer en la librería Apache Commons Collections. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands • https://www.exploit-db.com/exploits/41613 http://www-01.ibm.com/support/docview.wss?uid=swg21970575 http://www-01.ibm.com/support/docview.wss?uid=swg21971342 http://www-01.ibm.com/support/docview.wss?uid=swg21971376 http://www-01.ibm.com/support/docview.wss?uid=swg21971733 http://www-01.ibm.com/support/docview.wss? •