Lucene search
K

68 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:27 a.m.53 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to Cross-Site Scripting (CVE-2022-34330)

Summary IBM Sterling B2B Integrator has addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2022-34330 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...

6.1CVSS5.9AI score0.00392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:27 a.m.37 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to Cross Origin Resource Sharing (CORS) (CVE-2021-38928)

Summary IBM Sterling B2B Integrator has addressed the Cross Origin Sharing vulnerability in B2B API Vulnerability Details CVEID:CVE-2021-38928 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged...

5.4CVSS5.1AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:26 a.m.41 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2022-22337)

Summary IBM Sterling B2B Integrator has addressed the information disclousre vulnerability in B2B API Vulnerability Details CVEID:CVE-2022-22337 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information to an authenticated user. CVSS Base score: 4.3 CVSS...

6.5CVSS6AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:25 a.m.40 views

Security Bulletin: EBICS Client of IBM Sterling B2B Integrartor is vulnerable SQL Injection (CVE-2022-22338)

Summary IBM Sterling B2B Integrator has addressed the SQL injection vulnerability in EBICS client. Vulnerability Details CVEID:CVE-2022-22338 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements,...

9.8CVSS9.8AI score0.00677EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/06 8:51 p.m.23 views

Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH

Summary IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...

5.9CVSS6.8AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 8:11 p.m.58 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Remote Code Execution

Summary IBM Sterling B2B Integrator has addressed the remote code execution vulnerabilty Vulnerability Details CVEID:CVE-2024-31903 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition allow an attacker on the local network to execute arbitrary code on the system, caused by the deserializati...

8.8CVSS7.9AI score0.00968EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2024-31913 CVE-2024-31914)

Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2024-31914 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...

6.4CVSS5.9AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 3:17 p.m.7 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to Apache Commons Codec (177835)

Summary IBM Sterling B2B Integrator uses Apache Commons Codec. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 7:12 p.m.28 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)

Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...

6.5CVSS5.9AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 4:56 p.m.24 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure

Summary IBM Sterling B2B Integrator is vulnerable to information disclosure . Vulnerability Details CVEID:CVE-2024-27263 DESCRIPTION: IBM Sterling B2B Integrator could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. CWE:CWE-300...

5.3CVSS5.8AI score0.0026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 4:48 p.m.17 views

Security Bulletin: IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography

Summary IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound...

6.5CVSS6.3AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 4:32 p.m.21 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery

Summary IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input validation by the service admin HTTP API. By...

7.2CVSS6.3AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:57 p.m.31 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...

5.3CVSS6.6AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:12 p.m.13 views

Security Bulletin: IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot

Summary IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...

6.5CVSS6.8AI score0.01219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 2:58 p.m.15 views

Security Bulletin: IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability

Summary IBM B2B Sterling Integrator is vunerable to denial of services attacks due to an Apache Commons vulnerability Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to op...

8.1CVSS6.6AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 1:36 p.m.25 views

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)

Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...

5CVSS5.9AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 3:48 a.m.20 views

Security Bulletin: IBM Concert is vulnerable to sensitive data disclosure (CVE-2024-49354)

Summary IBM Concert is vulnerable to sensitive information disclosure through specially crafted API Calls. Vulnerability Details CVEID:CVE-2024-49354 DESCRIPTION: IBM Concert is vulnerable to sensitive information disclosure through specially crafted API Calls. CWE:CWE-213: Exposure of Sensitive...

7.5CVSS6.1AI score0.00325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/15 2:50 p.m.34 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

7.5CVSS7.8AI score0.00932EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/12 4:15 a.m.14 views

Security Bulletin: IBM Concert Software is vulnerable to session hijacking (CVE-2024-43180)

Summary IBM Concert cookie settings are vulnerable to session hijacking. Vulnerability Details CVEID:CVE-2024-43180 DESCRIPTION: IBM Concert does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a...

4.3CVSS4.1AI score0.0022EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/26 2:33 p.m.77 views

Security Bulletin: IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending...

7.8CVSS7.6AI score0.01429EPSS
Exploits2Affected Software1
Rows per page
Query Builder