CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4728
https://notcve.org/view.php?id=CVE-2019-4728
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, pod... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
16 Dec 2020 — IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
10 Dec 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ata... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4937
https://notcve.org/view.php?id=CVE-2020-4937
20 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.2, usa algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 191814 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191814 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4705
https://notcve.org/view.php?id=CVE-2020-4705
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, es vulnerable a un ataque de tipo cross-site s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4700
https://notcve.org/view.php?id=CVE-2020-4700
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, podría permitir a un usuario autenticado que pertenezca a un grupo de usuarios específico crear un usuario o grupo con privilegios administrativos. IBM ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187077 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4692
https://notcve.org/view.php?id=CVE-2020-4692
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, podría permitir a un usuario autenticado obtener información confidencial de la interfaz de usuario del Panel. IBM X-Force ID: 186780 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186780 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4671
https://notcve.org/view.php?id=CVE-2020-4671
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, almacena información potencialmente confidencial en archivos de registro que pueden ser leídos por un usuario autenticado. IBM X-Force ID: 186284 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186284 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4655
https://notcve.org/view.php?id=CVE-2020-4655
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.2 y versiones 5.2.0.0 hasta 5.2.6.5, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4475
https://notcve.org/view.php?id=CVE-2020-4475
16 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.2, podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181777 •