CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 2CVE-2018-1513 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1513
23 Jul 2018 — IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551. IBM Sterling B2B Integrator Standard Edition de la versión 5.2.0 a la 5.2.6 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript... • https://packetstorm.news/files/id/148882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0912
https://notcve.org/view.php?id=CVE-2014-0912
20 Apr 2018 — IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permiten que atacantes remotos obtengan información sensible del producto mediante vectores relacionados con una página de error. IBM X-Force ID: 92072. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0927
https://notcve.org/view.php?id=CVE-2014-0927
20 Apr 2018 — The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. La interfaz de usuario administrativo Active MQ en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del número de puerto y la ruta de la webapp. IBM X-Force ID... • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1481
https://notcve.org/view.php?id=CVE-2017-1481
07 Dec 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. IBM Sterling B2B Integrator Standard Edition 5.2 permite que un usuario vea información sensible que pertenece a otro usuario. IBM X-Force ID: 128619. • http://www.ibm.com/support/docview.wss?uid=swg22010761 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1482
https://notcve.org/view.php?id=CVE-2017-1482
07 Dec 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. IBM Sterling B2B Integrator Standard Edition 5.2 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, ... • http://www.ibm.com/support/docview.wss?uid=swg22010762 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1192
https://notcve.org/view.php?id=CVE-2017-1192
10 Aug 2017 — IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663. IBM Sterling B2B Integrator 5.2 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir recursos de la ... • http://www.ibm.com/support/docview.wss?uid=swg22004267 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1174
https://notcve.org/view.php?id=CVE-2017-1174
10 Aug 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. IBM Sterling B2B Integrator Standard Edition 5.2 es vulnerable a inyecciones SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permitir que el atacante viese, añadiese, modificase o borrase informació... • http://www.ibm.com/support/docview.wss?uid=swg22004268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0194
https://notcve.org/view.php?id=CVE-2015-0194
02 Aug 2017 — XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Una vulnerabilidad de tipo XML External Entity (XXE) en las versiones 5.1 y 5.2 de IBM Sterling B2B Integrator y las versiones 2.1 y 2.2 de IBM Sterling File Gateway permite a los atacantes leer archivos arbitrarios utilizando datos XML manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1496
https://notcve.org/view.php?id=CVE-2017-1496
31 Jul 2017 — IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694. IBM Sterling B2B Integrator Standard Edition versión 5.2.x es vulnerable a ataque de tipo cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la... • http://www.ibm.com/support/docview.wss?uid=swg22006175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1193
https://notcve.org/view.php?id=CVE-2017-1193
23 Jun 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. IBM Sterling B2B Integrator Standard Edition 5.2 podría permitir a un usuario obtener información sensible usando una petición HTTP GET. IBM X-Force ID: 123667. • http://www.ibm.com/support/docview.wss?uid=swg22004202 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •