CVE-2023-50307 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50307
12 Apr 2024 — IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-22357 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-22357
12 Apr 2024 — IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-42016 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-42016
09 Feb 2024 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVE-2023-32341 – IBM Sterling B2B Integrator denial of service
https://notcve.org/view.php?id=CVE-2023-32341
09 Feb 2024 — IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255827 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-25682 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-25682
22 Nov 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247034 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-35638 – IBM Sterling B2B Integrator cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-35638
22 Nov 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230824 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22876 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-22876
15 Mar 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244364 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-43578 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43578
22 Feb 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238683 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-40231 – IBM Sterling B2B Integrator Standard Edition improper access control
https://notcve.org/view.php?id=CVE-2022-40231
17 Feb 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235533 •
CVE-2022-43579 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43579
17 Feb 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238684 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •