CVE-2021-20473

IBM Sterling File Gateway UI versions 2.2.0.0–6.1.1.0 are vulnerable because the product does not invalidate sessions after logout, enabling an authenticated user to impersonate another user. The issue is addressed in IBM’s security bulletin with remediation guidance: upgrade to fixed releases (5...

CVE-2021-34766

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the Syst...

CVE-2021-34742

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

CVE-2021-34742 Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

CVE-2021-29836

IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Code injection

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

CVE-2021-29760

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213...

Security Bulletin: Session Fixation Vulnerability Affects BM Sterling File Gateway (CVE-2021-20473)

Summary IBM Sterling File Gateway has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-20473 DESCRIPTION: IBM Sterling File Gateway User Interface does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

Security Bulletin: Informaton Disclosure Vulnerability Affects the Dashboard User Interface of IBM Stelring B2B Integrator (CVE-2021-29700)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-29700 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in...

IBM Sterling File Gateway 跨站脚本漏洞

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...

Samsung SMR 安全漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which originates from an exception handling of multisimbarshowonqspanel in SystemUI, which allo...

IBM Sterling File Gateway 跨站脚本漏洞

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.53, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.1...

Cisco Smart Software Manager 安全漏洞

Cisco Smart Software Manager is the United States Cisco Cisco company for the provision of license intelligent management features of the software. The software eliminates cumbersome product activation key PAK and license file management, so that the license node is no longer locked to the device...

KLA12320 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A bypass security vulnerability in...

IBM Sterling B2B Integrator 跨站脚本漏洞

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

IBM Sterling B2B Integrator 跨站脚本漏洞

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

Security Bulletin: Access Control Vulnerabilities Affects the Dashboard User Interface of IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2021-29758 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authenticated user to perform actions that they should not be able to access due to improper access...

IBM Sterling B2B Integrator 跨站脚本漏洞

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs.A cross-site scripting vulnerability exists in IBM Sterling B2B Integrator versions 5.2.0.0-6.0.3.4, 6.1.0.0-6.1.0.3. An attacker could exploit the...