CVE-2014-0912
https://notcve.org/view.php?id=CVE-2014-0912
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permiten que atacantes remotos obtengan información sensible del producto mediante vectores relacionados con una página de error. IBM X-Force ID: 92072. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0927
https://notcve.org/view.php?id=CVE-2014-0927
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. La interfaz de usuario administrativo Active MQ en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del número de puerto y la ruta de la webapp. IBM X-Force ID: 92259. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 https://exchange.xforce.ibmcloud.com/vulnerabilities/92259 • CWE-287: Improper Authentication •
CVE-2017-1482
https://notcve.org/view.php?id=CVE-2017-1482
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. IBM Sterling B2B Integrator Standard Edition 5.2 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22010762 http://www.securityfocus.com/bid/102035 https://exchange.xforce.ibmcloud.com/vulnerabilities/128620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1481
https://notcve.org/view.php?id=CVE-2017-1481
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. IBM Sterling B2B Integrator Standard Edition 5.2 permite que un usuario vea información sensible que pertenece a otro usuario. IBM X-Force ID: 128619. • http://www.ibm.com/support/docview.wss?uid=swg22010761 http://www.securityfocus.com/bid/102043 https://exchange.xforce.ibmcloud.com/vulnerabilities/128619 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-1174
https://notcve.org/view.php?id=CVE-2017-1174
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. IBM Sterling B2B Integrator Standard Edition 5.2 es vulnerable a inyecciones SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permitir que el atacante viese, añadiese, modificase o borrase información en la base de datos del backend. • http://www.ibm.com/support/docview.wss?uid=swg22004268 http://www.securityfocus.com/bid/100246 https://exchange.xforce.ibmcloud.com/vulnerabilities/123296 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •