CVE-2020-4647
https://notcve.org/view.php?id=CVE-2020-4647
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir a un atacante visualizar, agregar, modificar o eliminar información en la base de datos back-end • https://exchange.xforce.ibmcloud.com/vulnerabilities/185809 https://www.ibm.com/support/pages/node/6367981 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-4476
https://notcve.org/view.php?id=CVE-2020-4476
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181778 https://www.ibm.com/support/pages/node/6367971 •
CVE-2020-4564
https://notcve.org/view.php?id=CVE-2020-4564
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1 e IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, es vulnerable ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/183933 https://www.ibm.com/support/pages/node/6349533 https://www.ibm.com/support/pages/node/6349539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 https://www.ibm.com/support/pages/node/6208041 •
CVE-2020-4259
https://notcve.org/view.php?id=CVE-2020-4259
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.1, podría permitir que un usuario autentificado pudiera manipular la información de una cookie y eliminar o añadir módulos desde la cookie para acceder a funcionalidades no autorizadas. IBM X-Force ID: 175638. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 https://www.ibm.com/support/pages/node/6208038 • CWE-276: Incorrect Default Permissions •