Lucene search

12 matches found

IBM Security Bulletins
added 2025/03/26 2:0 a.m. · 38 views

Security Bulletin: IBM Sterling File Gateway is vulnerable to information disclosure (CVE-2021-39086)

Summary: IBM Sterling File Gateway has addressed an information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2021-39086 DESCRIPTION: IBM Sterling File Gateway could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

CVSS 5.3 · AI score 4.8 · EPSS 0.00779
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2025/03/26 2:0 a.m. · 38 views

Security Bulletin: IBM Sterling B2B Integrator Dashboard UI is vulnerable to SQL Injection (CVE-2021-39085)

Summary: IBM Sterling B2B Integrator dashboard UI has addressed an SQL injection vulnerability. Vulnerability Details: CVEID: CVE-2021-39085 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which...

CVSS 9.8 · AI score 9.8 · EPSS 0.0078
Exploits: 0 · Affected Software: 1
Cvelist
added 2022/08/16 6:45 p.m. · 13 views

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...

CVSS 4.3 · AI score 5.1 · EPSS 0.00779
Exploits: 0 · References: 2
CNNVD
added 2022/06/30 12:0 a.m. · 2 views

IBM Sterling B2B Integrator Information Disclosure Vulnerability

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An information disclosure vulnerability exists in IBM Sterlin...

CVSS 4.3 · AI score 5.7 · EPSS 0.00565
Exploits: 0 · References: 3
Positive Technologies
added 2022/06/30 12:0 a.m. · 5 views

PT-2022-10817 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.5; IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.1.0. Description: The issue could disclose sensitive version information, potentially aidin...

CVSS 4.3 · AI score 4.3 · EPSS 0.00565
Exploits: 0 · References: 5
IBM Security Bulletins
added 2022/05/13 2:58 p.m. · 67 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to CKEditor

Summary: CKEditor is used by IBM Sterling B2B Integrator as part of B2B API. Multiple CKEditor vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2021-26272 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in...

CVSS 6.5 · AI score 6.5 · EPSS 0.04327
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2021/10/05 9:1 p.m. · 15 views

Security Bulletin: XXE Vulnerability in Drools Affects IBM Sterling B2B Integrator (CVE-2014-8125)

Summary: IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2014-8125 DESCRIPTION: Drools and jBPM could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the jBPM runtime. By...

CVSS 7.5 · AI score 6.1 · EPSS 0.02655
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2021/10/05 8:46 p.m. · 40 views

Security Bulletin: Apache Commons BeanUtils Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2014-0114, CVE-2019-10086)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An...

CVSS 7.5 · AI score 8.7 · EPSS 0.95821
Exploits: 5 · Affected Software: 1
IBM Security Bulletins
added 2021/10/05 7:55 p.m. · 36 views

Security Bulletin: XStream Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-29505)

Summary: IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2021-29505 DESCRIPTION: XStream could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By manipulating the...

CVSS 8.8 · AI score 2.4 · EPSS 0.77735
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2021/10/05 7:14 p.m. · 20 views

Security Bulletin: Cross-Site Request Forgery Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-29837)

Summary: IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2021-29837 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized action...

CVSS 8.8 · AI score 1.2 · EPSS 0.00384
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2021/10/05 6:57 p.m. · 26 views

Security Bulletin: Weaker Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-38925)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-38925 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive...

CVSS 7.5 · AI score 1.4 · EPSS 0.00665
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2018/06/17 12:18 p.m. · 9 views

Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to cross-site scripting.

Summary: Atlas eDiscovery Process Management has addressed a cross-site scripting vulnerability, which allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. Due to this...

CVSS 5.4 · AI score 0.9 · EPSS 0.00514
Exploits: 0 · Affected Software: 1