CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4029
https://notcve.org/view.php?id=CVE-2019-4029
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/107223 https://exchange.xforce.ibmcloud.com/vulnerabilities/155907 https://www.ibm.com/support/docview.wss?uid=ibm10874246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4063
https://notcve.org/view.php?id=CVE-2019-4063
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, en su edición estándar, podría permitir que se transmita información sensible en texto plano. Un atacante podría obtener esta información empleando técnicas Man-in-the-Middle (MitM). • http://www.securityfocus.com/bid/107310 https://exchange.xforce.ibmcloud.com/vulnerabilities/157008 https://www.ibm.com/support/docview.wss?uid=ibm10874234 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4028
https://notcve.org/view.php?id=CVE-2019-4028
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/107223 https://exchange.xforce.ibmcloud.com/vulnerabilities/155906 https://www.ibm.com/support/docview.wss?uid=ibm10874246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1800
https://notcve.org/view.php?id=CVE-2018-1800
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607. IBM Sterling B2B Integrator Standard Edition 5.2.6.0 y 6.2.6.1 podría permitir que un usuario local obtenga información altamente sensible durante un corto periodo de tiempo mientras se está instalando. IBM X-Force ID: 149607. • https://exchange.xforce.ibmcloud.com/vulnerabilities/149607 https://www.ibm.com/support/docview.wss?uid=ibm10731379 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 1%CPEs: 101EXPL: 1CVE-2013-4002 – OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
https://notcve.org/view.php?id=CVE-2013-4002
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. XMLscanner.java en Apache Xerces2 Java Parser, en versiones anteriores a la 2.12.0, tal y como se empleó en Java Runtime Environment (JRE) en IBM Java, en versiones 5.0 anteriores a la 5.0 SR16-FP3, 6 anteriores a la 6 SR14, 6.0.1 anteriores a la 6.0.1 SR6 y 7 anteriores a la 7 SR5, así como en Oracle Java SE 7u40 y anteriores, Java SE 6u60 y anteriores, Java SE 5.0u51 y anteriores, JRockit R28.2.8 y anteriores, JRockit R27.7.6 y anteriores, Java SE Embedded 7u40 y anteriores y, posiblemente, otros productos, permite que los atacantes remotos realicen una denegación de servicio (DoS) mediante vectores relacionados con los nombres de atributo XML. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. • https://github.com/tafamace/CVE-2013-4002 http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http://lists • CWE-20: Improper Input Validation •