CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40232 – IBM Sterling B2B Integrator Standard Edition improper access control
https://notcve.org/view.php?id=CVE-2022-40232
17 Feb 2023 — IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235597 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22337 – IBM Sterling B2B Integrator Standard Edition information disclosure
https://notcve.org/view.php?id=CVE-2022-22337
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 podría revelar información confidencial a un usuario no autenticado. ID de IBM X-Force: 219507. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219507 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22338 – IBM Sterling B2B Integrator Standard Edition SQL injection
https://notcve.org/view.php?id=CVE-2022-22338
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente manipulada, que podrían permitirle ver, agregar, modificar o e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/219510 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22371 – IBM Sterling B2B Integrator Standard Edition session fixation
https://notcve.org/view.php?id=CVE-2022-22371
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 no invalida la sesión después de un cambio de contraseña que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 221195. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221195 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38928 – IBM Sterling B2B Integrator Standard Edition cross-origin resource sharing
https://notcve.org/view.php?id=CVE-2021-38928
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323. Las versiones de IBM Sterling B2B Integrator Standard Edition de la 6.0.0.0 a la 6.1.2.1 utiliza el uso compartido de recursos entre orígenes (CORS), lo que podría permitir a un atacante llevar a cabo acciones privi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/210323 •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43920 – IBM Sterling B2B Integrator Standard Edition privilege escalation
https://notcve.org/view.php?id=CVE-2022-43920
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 podría permitir que un usuario autenticado obtenga privilegios en un grupo diferente debido a una vulnerabilidad de control de acceso en el adaptador del servidor Sftp. ID de IBM X-Force: 241362. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241362 •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2022-34330 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2022-34330
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22352 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2022-22352
04 Jan 2023 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-39087
https://notcve.org/view.php?id=CVE-2021-39087
16 Aug 2022 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4, y 6.1.1.0 hasta 6.1.1.1, podría permitir a un usuario autenticado obtener información confidencial debido a controles de permisos inapropiados. IBM X-Force ID: 2... • https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-39085
https://notcve.org/view.php?id=CVE-2021-39085
16 Aug 2022 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4 y 6.1.1.0 hasta 6.1.1.1, es vulnerable a una inyección SQL. Un atacant... • https://exchange.xforce.ibmcloud.com/vulnerabilities/215888 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •