CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20584
https://notcve.org/view.php?id=CVE-2021-20584
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un atacante remoto cargar archivos arbitrarios, causado por controles de acceso inapropiados. IBM X-Force ID: 199397 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199397 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20561
https://notcve.org/view.php?id=CVE-2021-20561
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20376
https://notcve.org/view.php?id=CVE-2021-20376
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un atacante autenticado enumerar nombres de usuario debido a que se presenta una discrepancia observable en los mensajes devueltos. IBM X-Force ID: 195568 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195568 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20375
https://notcve.org/view.php?id=CVE-2021-20375
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado interceptar y sustituir un mensaje enviado por otro usuario debido a controles de acceso inapropiados. IBM X-Force ID: 195567 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195567 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20372
https://notcve.org/view.php?id=CVE-2021-20372
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado remoto causar una denegación de servicio de otro usuario debido a una comprobación de permisos insuficiente. IBM X-Force ID: 195518 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195518 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0912
https://notcve.org/view.php?id=CVE-2014-0912
20 Apr 2018 — IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permiten que atacantes remotos obtengan información sensible del producto mediante vectores relacionados con una página de error. IBM X-Force ID: 92072. • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0927
https://notcve.org/view.php?id=CVE-2014-0927
20 Apr 2018 — The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. La interfaz de usuario administrativo Active MQ en IBM Sterling B2B Integrator 5.1 y 5.2 y Sterling File Gateway 2.1 y 2.2 permite que atacantes remotos omitan la autenticación aprovechando el conocimiento del número de puerto y la ruta de la webapp. IBM X-Force ID... • http://www-01.ibm.com/support/docview.wss?uid=swg21674739 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0194
https://notcve.org/view.php?id=CVE-2015-0194
02 Aug 2017 — XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Una vulnerabilidad de tipo XML External Entity (XXE) en las versiones 5.1 y 5.2 de IBM Sterling B2B Integrator y las versiones 2.1 y 2.2 de IBM Sterling File Gateway permite a los atacantes leer archivos arbitrarios utilizando datos XML manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0210
https://notcve.org/view.php?id=CVE-2016-0210
08 Feb 2017 — IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response. IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente mani... • http://www.ibm.com/support/docview.wss?uid=swg21981549 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 94%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •