CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56338 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-56338
11 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7185265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52905 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-52905
10 Mar 2025 — IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. • https://www.ibm.com/support/pages/node/7185264 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47116 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-47116
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45089 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-45089
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy. • https://www.ibm.com/support/pages/node/7182063 • CWE-203: Observable Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49807 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-49807
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40696 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-40696
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47103 – IBM Sterling B2B Integrator cross-site scripting
https://notcve.org/view.php?id=CVE-2024-47103
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7182011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38739 – IBM Sterling B2B Integrator cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-38739
31 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7182004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50316 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2023-50316
28 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete ... • https://www.ibm.com/support/pages/node/7176072 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27263 – IBM Sterling B2B Integrator information disclosure
https://notcve.org/view.php?id=CVE-2024-27263
28 Jan 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. • https://www.ibm.com/support/pages/node/7176072 • CWE-300: Channel Accessible by Non-Endpoint •