Page 26 of 155 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en IBM Sterling Integrator 5.2 y Sterling File Gateway 2.2 permite a usuarios remotos autenticados ejecutar comandos SQL de forma arbitraria a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96049 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 https://exchange.xforce.ibmcloud.com/vulnerabilities/87358 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permite a atacantes remotos inyectar enlaces y disparar navegación o acciones no contempladas a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96059 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 https://exchange.xforce.ibmcloud.com/vulnerabilities/87360 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 no invalidan la sesión en una acción de logout, lo cual permite a atacantes remotos sortear la autenticación aprovechando una estación desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96051 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 https://exchange.xforce.ibmcloud.com/vulnerabilities/87362 • CWE-287: Improper Authentication •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades cross-site scripting (XSS) en IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permiten a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 http://www.securityfocus.com/bid/64443 https://exchange.xforce.ibmcloud.com/vulnerabilities/87354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler. Múltiples vulnerabilidades cross-site scripting (XSS) en IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de parámetros no especificados, llevando a una interacción inapropiada con el manejador de protocolo Windows MHTML. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055 http://www-01.ibm.com/support/docview.wss?uid=swg21657539 http://www.securityfocus.com/bid/64446 https://exchange.xforce.ibmcloud.com/vulnerabilities/87355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •