CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4658
https://notcve.org/view.php?id=CVE-2020-4658
16 Dec 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4657
https://notcve.org/view.php?id=CVE-2020-4657
16 Dec 2020 — IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.0.3.2, Standard Edition, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4738
https://notcve.org/view.php?id=CVE-2019-4738
10 Dec 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 5.2.6.5 y versiones 6.0.0.0 hasta 6.0.3.1, revela información confidencial a un usuario autenticado desde la interfaz de usuario del panel de control que podría ser usado en nuevos ata... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172753 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4937
https://notcve.org/view.php?id=CVE-2020-4937
20 Nov 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.2, usa algoritmos criptográficos más débiles de lo esperado lo que podría permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 191814 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191814 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4629
https://notcve.org/view.php?id=CVE-2020-4629
30 Sep 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un usuario local con acceso especializado obtener información confidencial a partir de un mensaje de error técnico detallado. Esta información podría ser... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185370 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4578
https://notcve.org/view.php?id=CVE-2020-4578
10 Sep 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/184433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-4559
https://notcve.org/view.php?id=CVE-2020-4559
28 Aug 2020 — IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613. IBM Spectrum Protect versiones 7.1 y 8.1, podrían permitir a un atacante causar una denegación de servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario. IBM X-Force ID: 183613 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183613 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4320
https://notcve.org/view.php?id=CVE-2020-4320
16 Jun 2020 — IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. IBM MQ Appliance e IBM MQ AMQP Channels versiones 8.0, 9.0 LTS, 9.1 LTS y 9.1 CD, no bloquean ni habilitan correctamente a los clientes basados en la configuración SSLPEER del nombre distinguido del certificado. IBM X-Force ID: 177403 • https://exchange.xforce.ibmcloud.com/vulnerabilities/177403 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4310
https://notcve.org/view.php?id=CVE-2020-4310
16 Jun 2020 — IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081. IBM MQ y MQ Appliance versiones 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS y versión 9.1 C, son vulnerables a un ataque de denegación de servicio debido a un error en la lógica de Conversión de Datos. ID de IBM X-Force: 177081 • https://exchange.xforce.ibmcloud.com/vulnerabilities/177081 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4365
https://notcve.org/view.php?id=CVE-2020-4365
14 May 2020 — IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. IBM WebSphere Application Server versión 8.5, es vulnerable a un ataque de tipo server-side request forgery. Al enviar una petición especialmente diseñada, un atacante autenticado remoto podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 • CWE-918: Server-Side Request Forgery (SSRF) •