CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7410
https://notcve.org/view.php?id=CVE-2015-7410
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. La herramienta Health Check en IBM Sterling B2B Integrator 5.2 no utiliza correctamente las cookies en conjunción con sesiones HTTPS, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972676 http://www.securityfocus.com/bid/79685 • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5019
https://notcve.org/view.php?id=CVE-2015-5019
IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. IBM Sterling Integrator 5.1 en versiones anteriores a 5010004_8 y Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_9 permite a usuarios remotos autenticados leer o cargar archivos aprovechando un requerimiento de cambio de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008 http://www-01.ibm.com/support/docview.wss?uid=swg21967781 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4992
https://notcve.org/view.php?id=CVE-2015-4992
IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_8 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10723 http://www-01.ibm.com/support/docview.wss?uid=swg21965734 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-6199
https://notcve.org/view.php?id=CVE-2014-6199
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. El adaptador del servidor HTTP en IBM Sterling B2B Integrator 5.1 y 5.2.x y Sterling File Gateway 2.1 y 2.2 permite a atacantes remotos causar una denegación de servicio (agotamiento de ranuras de conexión) a través de una solicitud HTTP manipulada. • http://secunia.com/advisories/62082 http://www-01.ibm.com/support/docview.wss?uid=swg1IT05121 http://www-01.ibm.com/support/docview.wss?uid=swg21693131 https://exchange.xforce.ibmcloud.com/vulnerabilities/98650 • CWE-399: Resource Management Errors •
CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6146
https://notcve.org/view.php?id=CVE-2014-6146
IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. IBM Sterling B2B Integrator 5.2.x hasta 5.2.4, cuando Connect:Direct Server Adapter está configurado, no procesa debidamente la configuración del registro, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros del registro. • http://secunia.com/advisories/62190 http://www-01.ibm.com/support/docview.wss?uid=swg1IT04337 http://www-01.ibm.com/support/docview.wss?uid=swg21689082 https://exchange.xforce.ibmcloud.com/vulnerabilities/96916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •