CVE-2016-9983
https://notcve.org/view.php?id=CVE-2016-9983
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario autenticado con privilegios especiales visualizar archivos a los que no debería tener acceso. ID de IBM X-Force: 120275. • http://www.ibm.com/support/docview.wss?uid=swg22004273 http://www.securityfocus.com/bid/99198 https://exchange.xforce.ibmcloud.com/vulnerabilities/120275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0210
https://notcve.org/view.php?id=CVE-2016-0210
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente manipulada a un servidor vulnerable ejecutándose para provocar que el servidor revele información sensible en la respuesta HTTP. • http://www.ibm.com/support/docview.wss?uid=swg21981549 http://www.securityfocus.com/bid/90527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6020
https://notcve.org/view.php?id=CVE-2016-6020
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition podrían permitir a un atacante remoto llevar a cabo ataques de phishing, utilizando un ataque de redirección abierta. Al persuadir a una victima para visitar un sitio Web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio Web malicioso que parece ser de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995794 http://www.securityfocus.com/bid/95098 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-3057
https://notcve.org/view.php?id=CVE-2016-3057
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790 http://www-01.ibm.com/support/docview.wss?uid=swg21989578 http://www.securityfocus.com/bid/94389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5890
https://notcve.org/view.php?id=CVE-2016-5890
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 http://www-01.ibm.com/support/docview.wss?uid=swg21989577 http://www.securityfocus.com/bid/94391 • CWE-255: Credentials Management Errors •