CVSS: 10.0EPSS: 94%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7410
https://notcve.org/view.php?id=CVE-2015-7410
01 Jan 2016 — The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. La herramienta Health Check en IBM Sterling B2B Integrator 5.2 no utiliza correctamente las cookies en conjunción con sesiones HTTPS, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21972676 • CWE-17: DEPRECATED: Code •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5019
https://notcve.org/view.php?id=CVE-2015-5019
08 Nov 2015 — IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. IBM Sterling Integrator 5.1 en versiones anteriores a 5010004_8 y Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_9 permite a usuarios remotos autenticados leer o cargar archivos aprovechando un requerimiento de cambio de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4992
https://notcve.org/view.php?id=CVE-2015-4992
05 Oct 2015 — IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM Sterling B2B Integrator 5.2 en versiones anteriores a 5020500_8 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10723 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-6199
https://notcve.org/view.php?id=CVE-2014-6199
10 Jan 2015 — The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. El adaptador del servidor HTTP en IBM Sterling B2B Integrator 5.1 y 5.2.x y Sterling File Gateway 2.1 y 2.2 permite a atacantes remotos causar una denegación de servicio (agotamiento de ranuras de conexión) a través de una solicitud HTTP manipulada. • http://secunia.com/advisories/62082 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6146
https://notcve.org/view.php?id=CVE-2014-6146
08 Nov 2014 — IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. IBM Sterling B2B Integrator 5.2.x hasta 5.2.4, cuando Connect:Direct Server Adapter está configurado, no procesa debidamente la configuración del registro, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros del registro. • http://secunia.com/advisories/62190 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6099
https://notcve.org/view.php?id=CVE-2014-6099
26 Oct 2014 — The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. La caracteristica Change Password en IBM Sterling B2B Integrator 5.2.x hasta 5.2.4 no tiene un mecanismo de protección de bloqueo para solicitudes de inicio de sesión inválidas, lo que facilita a atacantes remotos obtener el acceso a administración a través de un ac... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03935 • CWE-255: Credentials Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5405
https://notcve.org/view.php?id=CVE-2013-5405
21 Dec 2013 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades cross-site scripting (XSS) en IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permiten a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5406
https://notcve.org/view.php?id=CVE-2013-5406
21 Dec 2013 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler. Múltiples vulnerabilidades cross-site scripting (XSS) en IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de paráme... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5407
https://notcve.org/view.php?id=CVE-2013-5407
21 Dec 2013 — IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. IBM Sterling B2B Integrator 5.2 y Sterling File Gateway 2.2 no restringen apropiadamente el uso de elementos FRAME, lo cual permite a usuarios remotos autenticados sortear restricciones de acceso u obtener información sensible a ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96057 • CWE-20: Improper Input Validation •