CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7437
https://notcve.org/view.php?id=CVE-2015-7437
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99482 http://www-01.ibm.com/support/docview.wss?uid=swg21970927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7438
https://notcve.org/view.php?id=CVE-2015-7438
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible de servicios web en texto plano aprovechando el acceso a la base de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09929 http://www-01.ibm.com/support/docview.wss?uid=swg21971012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7431
https://notcve.org/view.php?id=CVE-2015-7431
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04830 http://www-01.ibm.com/support/docview.wss?uid=swg21970676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la clase InvokerTransformer en la librería Apache Commons Collections. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands • https://www.exploit-db.com/exploits/41613 http://www-01.ibm.com/support/docview.wss?uid=swg21970575 http://www-01.ibm.com/support/docview.wss?uid=swg21971342 http://www-01.ibm.com/support/docview.wss?uid=swg21971376 http://www-01.ibm.com/support/docview.wss?uid=swg21971733 http://www-01.ibm.com/support/docview.wss? •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7410
https://notcve.org/view.php?id=CVE-2015-7410
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. La herramienta Health Check en IBM Sterling B2B Integrator 5.2 no utiliza correctamente las cookies en conjunción con sesiones HTTPS, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972676 http://www.securityfocus.com/bid/79685 • CWE-17: DEPRECATED: Code •