46 matches found
Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892)
Summary IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2016-3427 and CVE-2016-3426)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates for April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An...
Security Bulletin: Information disclosure vulnerability in IBM B2B Advanced Communications (CVE-2016-0341).
Summary IBM B2B Advanced Communications can disclose sensitive information such as usernames, passwords, machine name, sensitive file locations, or any combination of that information. This information could be used to aid in further attacks against the system. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM B2B Advanced Communications.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and January 2016. Vulnerability Details CVEID...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR8 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...
Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Multi-Enterprise Integration Gateway (CVE-2014-0460, CVE-2014-0878, CVE-2014-0453)
Summary IBM Multi-Enterprise Integration Gateway is shipped with IBM® SDK, Java™ Technology Edition the “IBM SDK”, that is based on an Oracle Java Development Kit JDK. Oracle has released the April 2014 critical patch updates CPU that contain security vulnerability fixes for the JDK. The IBM SDK...
Oracle Integration Gateway File Upload Vulnerability
Exploit for windows platform in category web applications 1. ADVISORY INFORMATION Title: File Upload in Integration Gateway PSIGW Advisory ID: ERPSCAN-17-039 Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/ Risk: High Date published:...
File Upload in Integration Gateway (PSIGW) - PeopleSoft
Application: Oracle PeopleSoft Versions Affected: PeopleTools 8.54, 8.55 Vendor: Oracle Bugs: File Upload Reported: 27.03.2017 Vendor response: 28.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Roman Shalymov ERPScan VULNERABILITY INFORMATION Class: File Uplo...
CVE-2016-5892
Cross-site scripting XSS vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.52, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-5892
The CVE-2016-5892 XSS vulnerability affects IBM 10x used in Multi-Enterprise Integration Gateway (MEIG) 1.x up to 1.0.0.1 and IBM B2B Advanced Communications up to 1.0.0.5_1/1.0.0.5_2. The root cause is cross‑site scripting in the Web UI, potentially enabling credential disclosure within a truste...
Design/Logic Flaw
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network...
CVE-2016-0341
CVE-2016-0341 affects IBM Multi-Enterprise Integration Gateway 1.0–1.0.0.1 and B2B Advanced Communications 1.0.0.2–1.0.0.4. The root cause is missing HTTPS configuration, allowing remote attackers to obtain highly sensitive information via network sniffing. IBM security bulletins for IBM 10x, B2B...
CVE-2015-7445
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...
Design/Logic Flaw
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...
CVE-2015-7445
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...
CVE-2015-7445
CVE-2015-7445 affects IBM Multi-Enterprise Integration Gateway (versions 1.0–1.0.0.1) and B2B Advanced Communications (1.x prior to 1.0.0.4). When guest access is enabled, remote authenticated users can read error responses to disclose sensitive information. Public sources also document disclosur...
CVE-2015-5022
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.32, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information ...
CVE-2015-4973
Cross-site scripting XSS vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.32 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...