CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4647
https://notcve.org/view.php?id=CVE-2020-4647
16 Nov 2020 — IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir a un atac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4476
https://notcve.org/view.php?id=CVE-2020-4476
16 Nov 2020 — IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181778 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4564
https://notcve.org/view.php?id=CVE-2020-4564
20 Oct 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1 e IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
14 May 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4259
https://notcve.org/view.php?id=CVE-2020-4259
14 May 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, podría permitir que un usuario autentificado pudiera manipular la información de una cookie y eliminar o añadir módulos desde la cookie para acceder a funcionalidades no autorizadas. IBM X-Force ID: 175638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4423
https://notcve.org/view.php?id=CVE-2019-4423
30 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias de "dot dot" (/..... • https://exchange.xforce.ibmcloud.com/vulnerabilities/162769 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4280
https://notcve.org/view.php?id=CVE-2019-4280
30 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, muestra información confidencial en peticiones HTTP que podría ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 160503. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160503 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4147
https://notcve.org/view.php?id=CVE-2019-4147
16 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, agregar, modificar o eliminar ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •