CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1326
https://notcve.org/view.php?id=CVE-2017-1326
22 Jun 2017 — IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060. IBM Sterling File Gateway no restringe correctamente las peticiones de usuario en base al nivel de permisos. Esto permite que los usuarios actualicen datos relacionados con otros usuarios manipulando los parámetros que se pasan en la petición POST. • http://www.ibm.com/support/docview.wss?uid=swg22004274 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9982
https://notcve.org/view.php?id=CVE-2016-9982
22 Jun 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario identificado obtener información confidencial, tales como listas de cuentas debido a un control de acceso inapropiado. ID de IBM X-Force: 120274. • http://www.ibm.com/support/docview.wss?uid=swg22004273 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9983
https://notcve.org/view.php?id=CVE-2016-9983
22 Jun 2017 — IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. Sterling B2B Integrator Standard Edition versión 5.2 de IBM, podría permitir a un usuario autenticado con privilegios especiales visualizar archivos a los que no debería tener acceso. ID de IBM X-Force: 120275. • http://www.ibm.com/support/docview.wss?uid=swg22004273 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0210
https://notcve.org/view.php?id=CVE-2016-0210
08 Feb 2017 — IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente mani... • http://www.ibm.com/support/docview.wss?uid=swg21981549 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6020
https://notcve.org/view.php?id=CVE-2016-6020
01 Feb 2017 — IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Sterling B2B Integrator Standard Edition ... • http://www.ibm.com/support/docview.wss?uid=swg21995794 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3057
https://notcve.org/view.php?id=CVE-2016-3057
30 Nov 2016 — Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5890
https://notcve.org/view.php?id=CVE-2016-5890
30 Nov 2016 — IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_14 y 5.2 06 en versiones anteriores a 5020602_1 permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7431
https://notcve.org/view.php?id=CVE-2015-7431
02 Jan 2016 — Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7437
https://notcve.org/view.php?id=CVE-2015-7437
02 Jan 2016 — Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. Queue Watcher en IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99482 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7438
https://notcve.org/view.php?id=CVE-2015-7438
02 Jan 2016 — IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. IBM Sterling B2B Integrator 5.2 permite a usuarios locales obtener información sensible de servicios web en texto plano aprovechando el acceso a la base de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •