CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20553 – IBM Sterling B2B Integrator Standard Edition cross-site scripting
https://notcve.org/view.php?id=CVE-2021-20553
18 Dec 2024 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Sterling B2B Integrator Standard Edition 5.2.0.0 a 6.1.1.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario we... • https://www.ibm.com/support/pages/node/6496761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29700
https://notcve.org/view.php?id=CVE-2021-29700
07 Oct 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.1.1.0, podría permitir a un atacante autenticado obtener información confidencial de los archivos de configuración que podría ayudar a otros ataques contra el sistema. IBM X-Force ID: 200656 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200656 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20584
https://notcve.org/view.php?id=CVE-2021-20584
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un atacante remoto cargar archivos arbitrarios, causado por controles de acceso inapropiados. IBM X-Force ID: 199397 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199397 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20571
https://notcve.org/view.php?id=CVE-2021-20571
07 Oct 2021 — IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. IBM Sterling B2B Integrator versiones 5.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript ar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20561
https://notcve.org/view.php?id=CVE-2021-20561
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199230. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20376
https://notcve.org/view.php?id=CVE-2021-20376
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un atacante autenticado enumerar nombres de usuario debido a que se presenta una discrepancia observable en los mensajes devueltos. IBM X-Force ID: 195568 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195568 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20375
https://notcve.org/view.php?id=CVE-2021-20375
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado interceptar y sustituir un mensaje enviado por otro usuario debido a controles de acceso inapropiados. IBM X-Force ID: 195567 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195567 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20372
https://notcve.org/view.php?id=CVE-2021-20372
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado remoto causar una denegación de servicio de otro usuario debido a una comprobación de permisos insuficiente. IBM X-Force ID: 195518 • https://exchange.xforce.ibmcloud.com/vulnerabilities/195518 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38925
https://notcve.org/view.php?id=CVE-2021-38925
06 Oct 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0. 0 hasta 6.1.1.0, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 210171 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210171 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29855
https://notcve.org/view.php?id=CVE-2021-29855
06 Oct 2021 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar códi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205684 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •