CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29760
https://notcve.org/view.php?id=CVE-2021-29760
06 Oct 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado descargar archivos no autorizados mediante la interfaz de usuario del cuadro de mandos. IBM X-Force ID: 202213 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202213 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29758
https://notcve.org/view.php?id=CVE-2021-29758
06 Oct 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado llevar a cabo acciones a las que no debería poder acceder debido a controles de acceso inapropiados. IBM X-Force ID: 202169 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202169 •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 3CVE-2021-20562 – IBM Sterling B2B Integrator Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-20562
27 Jul 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta la versión 5.2.6.5_3 y versiones 6.1.0.0 hasta la versión 6.1.0.2 son vulnerables a las se... • https://packetstorm.news/files/id/164782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4646
https://notcve.org/view.php?id=CVE-2020-4646
19 May 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5, versiones 6.0.0.0 hasta 6.0.3.3 y versiones 6.1.0.0 hasta 6.1.0.2, podría permitir a un usuario autenticado visualizar páginas a las que no debería tener acceso debido a un control de autoriza... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185808 •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4762
https://notcve.org/view.php?id=CVE-2020-4762
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, podría permitir a un usuario autenticado crear una cuenta con privilegios debido a controles de acceso inapropiados. IBM X-Force ID: 188896 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188896 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4761
https://notcve.org/view.php?id=CVE-2020-4761
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, podría permitir a un atacante remoto conseguir informaci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188895 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4728
https://notcve.org/view.php?id=CVE-2019-4728
05 Jan 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5_2, versiones 6.0.0.0 hasta 6.0.3.2 y 6.1.0.0, pod... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
16 Dec 2020 — IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
10 Dec 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ata... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4937
https://notcve.org/view.php?id=CVE-2020-4937
20 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.2, usa algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 191814 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191814 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •