CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1563 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1563
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://www.exploit-db.com/exploits/45190 http://www.ibm.com/support/docview.wss?uid=ibm10717031 http://www.securityfocus.com/bid/104910 https://exchange.xforce.ibmcloud.com/vulnerabilities/142967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1564
https://notcve.org/view.php?id=CVE-2018-1564
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. IBM Sterling B2B Integrator Standard Edition desde la versión 5.2 hasta la 5.2.6 podría permitir que un usuario local con privilegios de administrador obtenga contraseñas de usuario halladas en mensajes de depuración. IBM X-Force ID: 142968. • http://www.ibm.com/support/docview.wss?uid=ibm10716747 http://www.securityfocus.com/bid/104927 https://exchange.xforce.ibmcloud.com/vulnerabilities/142968 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0912
https://notcve.org/view.php?id=CVE-2014-0912
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permiten que atacantes remotos obtengan información sensible del producto mediante vectores relacionados con una página de error. IBM X-Force ID: 92072. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0927
https://notcve.org/view.php?id=CVE-2014-0927
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. La interfaz de usuario administrativo Active MQ en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del número de puerto y la ruta de la webapp. IBM X-Force ID: 92259. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92259 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1482
https://notcve.org/view.php?id=CVE-2017-1482
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. IBM Sterling B2B Integrator Standard Edition 5.2 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22010762 http://www.securityfocus.com/bid/102035 https://exchange.xforce.ibmcloud.com/vulnerabilities/128620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •