Lucene search
K

2022 matches found

Snyk
Snyk
added 2026/03/12 1:56 a.m.1 views

Malicious Package

Overview b2b-common-cb-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/11 10:24 p.m.6 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to Cryptographic Weakness in IBM Liberty Server ( CVE-2020-36732)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cryptographic weakness vulnerability Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an intege...

5.3CVSS5.8AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/11 10:20 p.m.8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to information disclosure (CVE-2025-14483)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-14483 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could disclose sensitive host information to authenticat...

6.5CVSS5.7AI score0.00241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 8:50 p.m.7 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Denial of Service due to IBM Liberty Server (CVE-2025-36000)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial-of-service security vulnerability Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Th...

4.8CVSS5.1AI score0.00165EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/30 11:16 p.m.6 views

CVE-2020-37033

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

8.8CVSS0.00362EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.3 views

CVE-2020-37033

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

8.8CVSS6AI score0.00362EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.3 views

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

8.8CVSS5.7AI score0.00362EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.21 views

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

8.8CVSS0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.9 views

Infor Storefront B2B SQL Injection Vulnerability

Infor Storefront B2B is an e-commerce platform provided by Infor Corporation in the United States. Version 1.0 of Infor Storefront B2B has a SQL injection vulnerability. This vulnerability stems from improper handling of the usrname parameter in login requests, which may lead to SQL injection...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.9 views

CVE-2025-36113

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.3 views

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.8AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.5 views

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...

6.5CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 3:15 p.m.13 views

CVE-2025-36113

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (builds 5.2.0.00–5.2.0.12) is vulnerable to cross-site scripting in the Web UI, exploitable by an authenticated user who can embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is do...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 3:15 p.m.5 views

CVE-2025-36113 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:14 p.m.4 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS5AI score0.00172EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/20 3:10 p.m.11 views

CVE-2025-36063

The vulnerability CVE-2025-36063 affects IBM Sterling Connect:Express Adapter for Sterling B2B Integrator, version 5.2.0.00–5.2.0.12. The root cause is that the adapter does not invalidate the user session after logout, potentially allowing an authenticated user to impersonate another user in the...

6.5CVSS5.5AI score0.00145EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3590

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.10 views

PT-2026-3587

Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 Description The software does not invalidate session data after a user logs out. This could potentially allow an authenticated user to...

6.5CVSS5.4AI score0.00145EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 1:5 p.m.6 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerability in XStream

Summary IBM B2B Advanced Communications has addressed a vulnerability in XStream library shipped with product CVE-2024-47072. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote...

7.5CVSS7.3AI score0.02015EPSS
Exploits0Affected Software1
Rows per page
Query Builder