Page 4 of 27 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323. Las versiones de IBM Sterling B2B Integrator Standard Edition de la 6.0.0.0 a la 6.1.2.1 utiliza el uso compartido de recursos entre orígenes (CORS), lo que podría permitir a un atacante llevar a cabo acciones privilegiadas y recuperar información confidencial, ya que el nombre de dominio no se limita solo a dominios confiables. ID de IBM X-Force: 210323. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210323 https://www.ibm.com/support/pages/node/6852467 •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 podría permitir que un usuario autenticado obtenga privilegios en un grupo diferente debido a una vulnerabilidad de control de acceso en el adaptador del servidor Sftp. ID de IBM X-Force: 241362. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241362 https://www.ibm.com/support/pages/node/6852465 •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229469 https://www.ibm.com/support/pages/node/6852469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.1.2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220398 https://www.ibm.com/support/pages/node/6852443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4, y 6.1.1.0 hasta 6.1.1.1, podría permitir a un usuario autenticado obtener información confidencial debido a controles de permisos inapropiados. IBM X-Force ID: 216109. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 https://www.ibm.com/support/pages/node/6612541 • CWE-276: Incorrect Default Permissions •