Lucene search
K

46 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/02/05 12:53 a.m.22 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x (CVE-2016-5892)

Summary IBM B2B Advanced Communications is vulnerable to cross-site scripting due to the vulnerability of 10x. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...

5.4CVSS0.8AI score0.00615EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:7 p.m.38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 9 Fix Pack 40 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485...

2.9CVSS1.1AI score0.00453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:1 p.m.33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2016-3427 and CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates for April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An...

10CVSS1.2AI score0.92334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:0 p.m.19 views

Security Bulletin: Information disclosure vulnerability in IBM B2B Advanced Communications (CVE-2016-0341).

Summary IBM B2B Advanced Communications can disclose sensitive information such as usernames, passwords, machine name, sensitive file locations, or any combination of that information. This information could be used to aid in further attacks against the system. Vulnerability Details CVEID:...

7.5CVSS0.4AI score0.01363EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:0 p.m.63 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM B2B Advanced Communications.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and January 2016. Vulnerability Details CVEID...

5.9CVSS0.9AI score0.05453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:43 p.m.39 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR8 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...

5CVSS1.1AI score0.67234EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:39 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...

4CVSS1.1AI score0.03501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:37 p.m.31 views

Security Bulletin: Multiple vulnerabilities in IBM Multi-Enterprise Integration Gateway (CVE-2014-0460, CVE-2014-0878, CVE-2014-0453)

Summary IBM Multi-Enterprise Integration Gateway is shipped with IBM® SDK, Java™ Technology Edition the “IBM SDK”, that is based on an Oracle Java Development Kit JDK. Oracle has released the April 2014 critical patch updates CPU that contain security vulnerability fixes for the JDK. The IBM SDK...

5.8CVSS7.2AI score0.04899EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2017/07/22 12:0 a.m.71 views

Oracle Integration Gateway File Upload Vulnerability

Exploit for windows platform in category web applications 1. ADVISORY INFORMATION Title: File Upload in Integration Gateway PSIGW Advisory ID: ERPSCAN-17-039 Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/ Risk: High Date published:...

7.5CVSS8.4AI score0.01924EPSS
Exploits2
erpscan
erpscan
added 2017/03/27 12:0 a.m.573 views

File Upload in Integration Gateway (PSIGW) - PeopleSoft

Application: Oracle PeopleSoft Versions Affected: PeopleTools 8.54, 8.55 Vendor: Oracle Bugs: File Upload Reported: 27.03.2017 Vendor response: 28.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Roman Shalymov ERPScan VULNERABILITY INFORMATION Class: File Uplo...

7.5CVSS1.5AI score0.01924EPSS
Exploits2
NVD
NVD
added 2016/10/05 10:59 a.m.15 views

CVE-2016-5892

Cross-site scripting XSS vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.52, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5AI score0.00615EPSS
Exploits0References2
CVE
CVE
added 2016/10/05 10:0 a.m.55 views

CVE-2016-5892

The CVE-2016-5892 XSS vulnerability affects IBM 10x used in Multi-Enterprise Integration Gateway (MEIG) 1.x up to 1.0.0.1 and IBM B2B Advanced Communications up to 1.0.0.5_1/1.0.0.5_2. The root cause is cross‑site scripting in the Web UI, potentially enabling credential disclosure within a truste...

5.4CVSS4.9AI score0.00615EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/05/15 1:59 a.m.11 views

Design/Logic Flaw

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network...

5CVSS6.5AI score0.01363EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2016/05/15 1:0 a.m.43 views

CVE-2016-0341

CVE-2016-0341 affects IBM Multi-Enterprise Integration Gateway 1.0–1.0.0.1 and B2B Advanced Communications 1.0.0.2–1.0.0.4. The root cause is missing HTTPS configuration, allowing remote attackers to obtain highly sensitive information via network sniffing. IBM security bulletins for IBM 10x, B2B...

7.5CVSS7.2AI score0.01363EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2016/01/01 5:59 a.m.12 views

CVE-2015-7445

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...

4.3CVSS4.2AI score0.00965EPSS
Exploits0References3
Prion
Prion
added 2016/01/01 5:59 a.m.14 views

Design/Logic Flaw

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...

3.5CVSS6.1AI score0.00965EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2016/01/01 2:0 a.m.20 views

CVE-2015-7445

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses...

4.1AI score0.00965EPSS
Exploits0References3
CVE
CVE
added 2016/01/01 2:0 a.m.43 views

CVE-2015-7445

CVE-2015-7445 affects IBM Multi-Enterprise Integration Gateway (versions 1.0–1.0.0.1) and B2B Advanced Communications (1.x prior to 1.0.0.4). When guest access is enabled, remote authenticated users can read error responses to disclose sensitive information. Public sources also document disclosur...

4.3CVSS4.1AI score0.00965EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2015/10/06 1:59 a.m.13 views

CVE-2015-5022

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.32, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information ...

4.3CVSS5.6AI score0.01087EPSS
Exploits0References2
NVD
NVD
added 2015/10/06 1:59 a.m.19 views

CVE-2015-4973

Cross-site scripting XSS vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.32 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.5AI score0.0095EPSS
Exploits0References2
Rows per page
Query Builder