CVE-2022-22483
https://notcve.org/view.php?id=CVE-2022-22483
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgación de información en algunos escenarios debido a un acceso no autorizado causado por una administración de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. IBM X-Force ID: 225979 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 https://security.netapp.com/advisory/ntap-20230921-0004 https://www.ibm.com/support/pages/node/6618779 • CWE-269: Improper Privilege Management •
CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerables a una inyección de encabezados HTTP, causada por una comprobación inapropiada. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo el envenenamiento de la caché y ataques de tipo cross-site scripting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 https://www.ibm.com/support/pages/node/6618747 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-39087
https://notcve.org/view.php?id=CVE-2021-39087
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4, y 6.1.1.0 hasta 6.1.1.1, podría permitir a un usuario autenticado obtener información confidencial debido a controles de permisos inapropiados. IBM X-Force ID: 216109. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216109 https://www.ibm.com/support/pages/node/6612541 • CWE-276: Incorrect Default Permissions •
CVE-2021-39086
https://notcve.org/view.php?id=CVE-2021-39086
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889. IBM Sterling File Gateway versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4 y 6.1.1.0 hasta 6.1.1.1, podrían permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría usarse en otros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215889 https://www.ibm.com/support/pages/node/6612537 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-39085
https://notcve.org/view.php?id=CVE-2021-39085
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. IBM Sterling B2B Integrator Standard Edition versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4 y 6.1.1.0 hasta 6.1.1.1, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215888 https://www.ibm.com/support/pages/node/6612505 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •