CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9991
https://notcve.org/view.php?id=CVE-2016-9991
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. IBM Sterling Order Management versiones de 9.2 a 9.5 es vulnerable a falsificación de petición en sitios cruzados (CSRF) que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas por un usuario que confía en el sitio web. IBM X-Force ID: 121314 • http://www-01.ibm.com/support/docview.wss?uid=swg21998167 http://www.securityfocus.com/bid/96084 https://exchange.xforce.ibmcloud.com/vulnerabilities/121314 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-8917
https://notcve.org/view.php?id=CVE-2016-8917
IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943. IBM Sterling Order Management 9.2 - 9.5 es vulnerable a la falsificación de solicitudes entre sitios cruzados que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas por un usuario que confía en el sitio web. IBM Reference #: 2000943. • http://www.ibm.com/support/docview.wss?uid=swg22000943 http://www.securityfocus.com/bid/97150 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5953
https://notcve.org/view.php?id=CVE-2016-5953
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL. IBM Sterling Order Management transmite el identificador de sesión dentro de la URL. Cuando un usuario no puede ver una determinada vista debido a que no se autorizan permisos, el sitio web responde con una página de error en la que el identificador de sesión se codifica como Base64 en la dirección URL. • http://www.ibm.com/support/docview.wss?uid=swg21994521 http://www.securityfocus.com/bid/95431 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1911
https://notcve.org/view.php?id=CVE-2015-1911
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Sterling Order Management 8.5 anterior a HF113, Sterling Selling and Fulfillment Foundation 9.0.0 anterior a FP92, y Sterling Field Sales (SFS) 9.0 anterior a HF7 en IBM Sterling Selling and Fulfillment Suite permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21700864 http://www.securityfocus.com/bid/74224 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-4807
https://notcve.org/view.php?id=CVE-2014-4807
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character. Sterling Order Management en IBM Sterling Selling and Fulfillment Suite 9.3.0 anterior a FP8 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU) a través de un caracter '\0'. • http://secunia.com/advisories/59549 http://www-01.ibm.com/support/docview.wss?uid=swg21690662 https://exchange.xforce.ibmcloud.com/vulnerabilities/95355 • CWE-399: Resource Management Errors •