Page 31 of 155 results (0.014 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766. Múltiples vulnerabilidades de inyección SQL en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2, permite a usuarios autenticados remotamente la ejecución de comandos SQL arbitrarios a través de vectores no especificados. Vulnerabilidad distinta de CVE-2012-5766. • http://www-01.ibm.com/support/docview.wss?uid=swg21640830 https://exchange.xforce.ibmcloud.com/vulnerabilities/83012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename. IBM Sterling B2B Integrator v5.1 y v5.2 y Sterling File Gateway v2.1 y v2.2 no restringen adecuadamente los tipos de archivos y extensiones, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previstas a través de un nombre de fichero manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21640830 https://exchange.xforce.ibmcloud.com/vulnerabilities/81547 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM Sterling B2B Integrator v5.2.4 y Sterling File Gateway permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, una vulnerabilidad distinta a CVE-2013-2983. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC92888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2013-0468. Múltiples vulnerabilidades XSS en IBM Sterling File Gateway v2.2 y Sterling B2B Integrator permiten a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos, una vulnerabilidad diferente a CVE-2013-0455. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en el servidor CLA2 de IBM Gentran Integration Suite v4.3, Sterling Integrator v5.0 y v5.1, y Sterling B2B Integrador de v5.2, tal y como se utiliza en la puerta de enlace de IBM Sterling File v1.1 a v2.2 y otros productos, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189 http://www.ibm.com/support/docview.wss?uid=swg21633925 https://exchange.xforce.ibmcloud.com/vulnerabilities/80403 •