CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0210
https://notcve.org/view.php?id=CVE-2016-0210
08 Feb 2017 — IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente mani... • http://www.ibm.com/support/docview.wss?uid=swg21981549 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6020
https://notcve.org/view.php?id=CVE-2016-6020
01 Feb 2017 — IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition ... • http://www.ibm.com/support/docview.wss?uid=swg21995794 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3057
https://notcve.org/view.php?id=CVE-2016-3057
30 Nov 2016 — Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5890
https://notcve.org/view.php?id=CVE-2016-5890
30 Nov 2016 — IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7431
https://notcve.org/view.php?id=CVE-2015-7431
02 Jan 2016 — Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7437
https://notcve.org/view.php?id=CVE-2015-7437
02 Jan 2016 — Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99482 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7438
https://notcve.org/view.php?id=CVE-2015-7438
02 Jan 2016 — IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible de servicios web en texto plano aprovechando el acceso a la base de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 94%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7410
https://notcve.org/view.php?id=CVE-2015-7410
01 Jan 2016 — The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. La herramienta Health Check en IBM Sterling B2B Integrator 5.2 no utiliza correctamente las cookies en conjunción con sesiones HTTPS, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972676 • CWE-17: DEPRECATED: Code •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5019
https://notcve.org/view.php?id=CVE-2015-5019
08 Nov 2015 — IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. IBM Sterling Integrator 5.1 en versiones anteriores a 5010004_8 y Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_9 permite a usuarios remotos autenticados leer o cargar archivos aprovechando un requerimiento de cambio de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008 • CWE-264: Permissions, Privileges, and Access Controls •