CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4043
https://notcve.org/view.php?id=CVE-2019-4043
02 Apr 2019 — IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 es vulnerable a ataques de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer informa... • http://www.securityfocus.com/bid/107778 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4027
https://notcve.org/view.php?id=CVE-2019-4027
05 Mar 2019 — IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la ... • http://www.securityfocus.com/bid/107223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4028
https://notcve.org/view.php?id=CVE-2019-4028
05 Mar 2019 — IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la... • http://www.securityfocus.com/bid/107223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4029
https://notcve.org/view.php?id=CVE-2019-4029
05 Mar 2019 — IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la... • http://www.securityfocus.com/bid/107223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4063
https://notcve.org/view.php?id=CVE-2019-4063
05 Mar 2019 — IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. IBM Sterling B2B Integrator, desde la versión 5.2.0.1 hasta la 6.0.0.0, en su edición estándar, podría permitir que se transmita información sensible en texto plano. Un atacante podría obtener esta información empleando técnicas Man-in-the-Middle (MitM). • http://www.securityfocus.com/bid/107310 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1718
https://notcve.org/view.php?id=CVE-2018-1718
31 Jul 2018 — IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166. IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en ... • http://www.securityfocus.com/bid/104938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 2CVE-2018-1513 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1513
23 Jul 2018 — IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551. IBM Sterling B2B Integrator Standard Edition de la versión 5.2.0 a la 5.2.6 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript... • https://packetstorm.news/files/id/148882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1633
https://notcve.org/view.php?id=CVE-2017-1633
20 Jul 2018 — IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180. IBM Sterling B2B Integrator desde la versión 5.2 hasta la 5.2.6 podría permitir que un atacante autenticado obtenga información sensible de nombres de variables mediante peticiones HTTP especialmente manipuladas. IBM X-Force ID: 133180. • http://www.ibm.com/support/docview.wss?uid=ibm10716747 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 2%CPEs: 2EXPL: 2CVE-2018-1563 – IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1563
20 Jul 2018 — IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway desde la versión 2.2.0 hasta la 2.2.6) es vulnerable a Cross-Site Scripting (XSS). Esta vu... • https://packetstorm.news/files/id/148882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1564
https://notcve.org/view.php?id=CVE-2018-1564
20 Jul 2018 — IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968. IBM Sterling B2B Integrator Standard Edition desde la versión 5.2 hasta la 5.2.6 podría permitir que un usuario local con privilegios de administrador obtenga contraseñas de usuario halladas en mensajes de depuración. IBM X-Force ID: 142968. • http://www.ibm.com/support/docview.wss?uid=ibm10716747 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •