CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4973
https://notcve.org/view.php?id=CVE-2015-4973
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Multi-Enterprise Integration Gateway 1.x hasta la versión 1.0.0.1 y B2B Advanced Communications 1.0.0.2 y 1.0.0.3 en versiones anteriores a 1.0.0.3_2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10705 http://www-01.ibm.com/support/docview.wss?uid=swg21964806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5022
https://notcve.org/view.php?id=CVE-2015-5022
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. IBM Multi-Enterprise Integration Gateway 1.x hasta la versión 1.0.0.1 y B2B Advanced Communications 1.0.0.2 y 1.0.0.3 en versiones anteriores a 1.0.0.3_2, cuando el acceso de invitados está habilitado, sitúa un hostname interno y una ruta de payload en una respuesta, lo que permite a usuarios remotos autenticados obtener información sensible aprovechando una relación trading-partner y leyendo campos de respuesta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702 http://www-01.ibm.com/support/docview.wss?uid=swg21967334 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •