CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1347
https://notcve.org/view.php?id=CVE-2017-1347
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, es vulnerable a la inyección SQL. Un atacante remoto podría enviar instrucciones SQL especialmente diseñadas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end. • http://www.ibm.com/support/docview.wss?uid=swg22004199 http://www.securityfocus.com/bid/99231 https://exchange.xforce.ibmcloud.com/vulnerabilities/126462 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1302
https://notcve.org/view.php?id=CVE-2017-1302
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. IBM Sterling B2B Integrator Standard Edition 5.2 podría permitir a un usuario local ver información sensible debido a un inapropiado control de acceso. IBM X-Force ID: 125456. • http://www.ibm.com/support/docview.wss?uid=swg22004202 http://www.securityfocus.com/bid/99238 https://exchange.xforce.ibmcloud.com/vulnerabilities/125456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1132
https://notcve.org/view.php?id=CVE-2017-1132
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, es vulnerable a un problema de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando la funcionalidad deseada lo que conlleva a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22004199 http://www.securityfocus.com/bid/99233 https://exchange.xforce.ibmcloud.com/vulnerabilities/121418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9982
https://notcve.org/view.php?id=CVE-2016-9982
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario identificado obtener información confidencial, tales como listas de cuentas debido a un control de acceso inapropiado. ID de IBM X-Force: 120274. • http://www.ibm.com/support/docview.wss?uid=swg22004273 http://www.securityfocus.com/bid/99197 https://exchange.xforce.ibmcloud.com/vulnerabilities/120274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1326
https://notcve.org/view.php?id=CVE-2017-1326
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. IBM Sterling File Gateway no restringe correctamente las peticiones de usuario en base al nivel de permisos. Esto permite que los usuarios actualicen datos relacionados con otros usuarios manipulando los parámetros que se pasan en la petición POST. • http://www.ibm.com/support/docview.wss?uid=swg22004274 http://www.securityfocus.com/bid/99183 https://exchange.xforce.ibmcloud.com/vulnerabilities/126060 • CWE-269: Improper Privilege Management •