Page 3 of 49 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238684 https://www.ibm.com/support/pages/node/6954765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235597 https://www.ibm.com/support/pages/node/6954465 • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 podría revelar información confidencial a un usuario no autenticado. ID de IBM X-Force: 219507. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219507 https://www.ibm.com/support/pages/node/6852459 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a la inyección SQL. Un atacante remoto podría enviar declaraciones SQL especialmente manipulada, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219510 https://www.ibm.com/support/pages/node/6852453 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 no invalida la sesión después de un cambio de contraseña que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 221195. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221195 https://www.ibm.com/support/pages/node/6852461 • CWE-613: Insufficient Session Expiration •