Page 8 of 53 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/167879 https://www.ibm.com/support/pages/node/3144369 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5, podría permitir a un atacante remoto conducir ataques de phishing, usando un ataque de redireccionamiento abierto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/167878 https://www.ibm.com/support/pages/node/3137439 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. IBM Sterling B2B Integrator versiones 6.0.0.0 y 6.0.0.1, revela información confidencial de un rastreo de pila que podría ser usado en nuevos ataques contra el sistema. ID de IBM X-Force: 162803. • http://www.securityfocus.com/bid/108915 https://exchange.xforce.ibmcloud.com/vulnerabilities/162083 https://www.ibm.com/support/docview.wss?uid=ibm10887853 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0.0, and 6.0.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 147294. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.1, 5.2.6.3_6, 6.0.0.0 y 6.0.0.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente sensible. IBM X-Force ID: 147294. • https://exchange.xforce.ibmcloud.com/vulnerabilities/147294 https://www.ibm.com/support/docview.wss?uid=ibm10880601 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 156239. IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 es vulnerable a ataques de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.securityfocus.com/bid/107778 https://exchange.xforce.ibmcloud.com/vulnerabilities/156239 https://www.ibm.com/support/docview.wss?uid=ibm10874238 • CWE-611: Improper Restriction of XML External Entity Reference •