Page 28 of 744 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-4658

https://notcve.org/view.php?id=CVE-2020-4658

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 https://www.ibm.com/support/pages/node/6382416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-4657

https://notcve.org/view.php?id=CVE-2020-4657

IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 https://www.ibm.com/support/pages/node/6382414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-4738

https://notcve.org/view.php?id=CVE-2019-4738

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ataques contra el sistema. IBM X-Force ID: 172753. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 https://www.ibm.com/support/pages/node/6380390 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-4937

https://notcve.org/view.php?id=CVE-2020-4937

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.2, usa algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 191814 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191814 https://www.ibm.com/support/pages/node/6370795 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 7

CVE-2020-14871 – Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

https://notcve.org/view.php?id=CVE-2020-14871

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.exploit-db.com/exploits/49261 https://www.exploit-db.com/exploits/49896 https://www.exploit-db.com/exploits/50039 https://github.com/robidev/CVE-2020-14871-Exploit http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html http://packetstormsecurity.com/files/163232 • CWE-787: Out-of-bounds Write •