CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
14 May 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4259
https://notcve.org/view.php?id=CVE-2020-4259
14 May 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, podría permitir que un usuario autentificado pudiera manipular la información de una cookie y eliminar o añadir módulos desde la cookie para acceder a funcionalidades no autorizadas. IBM X-Force ID: 175638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4423
https://notcve.org/view.php?id=CVE-2019-4423
30 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias de "dot dot" (/..... • https://exchange.xforce.ibmcloud.com/vulnerabilities/162769 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4280
https://notcve.org/view.php?id=CVE-2019-4280
30 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, muestra información confidencial en peticiones HTTP que podría ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 160503. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160503 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4147
https://notcve.org/view.php?id=CVE-2019-4147
16 Sep 2019 — IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.1.0, es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, agregar, modificar o eliminar ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1544
https://notcve.org/view.php?id=CVE-2017-1544
20 Jul 2018 — IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) cachea los nombres de usuario y las contraseñas en navegadores que podrían ser empleados por un atacante local para obtener información sensible. IBM X-Force ID: 130812. • http://www.ibm.com/support/docview.wss?uid=ibm10716997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1575
https://notcve.org/view.php?id=CVE-2017-1575
20 Jul 2018 — IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante local descifre información altamente sensible. IBM X-Force ID... • http://www.ibm.com/support/docview.wss?uid=ibm10716997 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1470
https://notcve.org/view.php?id=CVE-2018-1470
20 Jul 2018 — IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. IBM Sterling File Gateway, desde la versión 2.2.0 hasta la 2.2.6 podría permitir que un atacante autenticado remoto obtenga información sensible mostrada en la URL que podría conducir a más ataques contra el sistema. IBM X-Force ID: 140688. • http://www.ibm.com/support/docview.wss?uid=ibm10716997 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 2%CPEs: 2EXPL: 2CVE-2018-1563 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1563
20 Jul 2018 — IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) es vulnerable a Cross-Site Scripting (XSS). Esta vu... • https://packetstorm.news/files/id/148882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1398
https://notcve.org/view.php?id=CVE-2018-1398
20 Jul 2018 — IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6 podría permitir que un atacante remoto descargue ciertos archivos que podrían contener información sensible. IBM X-Force ID: 138434. • http://www.ibm.com/support/docview.wss?uid=ibm10717025 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •