Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.1:*:*:*:standard:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-42016 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. Published: February 08, 2024; 8:15:08 PM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-32341 |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. Published: February 08, 2024; 8:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-25682 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034. Published: November 22, 2023; 2:15:08 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-35638 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824. Published: November 21, 2023; 11:15:07 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-22876 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. Published: March 15, 2023; 3:15:24 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-43578 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. Published: February 22, 2023; 1:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-43579 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. Published: February 17, 2023; 2:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-40231 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. Published: February 17, 2023; 2:15:11 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-34330 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469. Published: January 05, 2023; 2:15:09 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-22371 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 221195. Published: January 05, 2023; 2:15:09 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-43920 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. Published: January 04, 2023; 1:15:09 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-22352 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220398. Published: January 04, 2023; 1:15:08 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-22338 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. Published: January 04, 2023; 1:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-22337 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507. Published: January 04, 2023; 1:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-38928 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323. Published: January 04, 2023; 1:15:08 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-39087 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. Published: August 16, 2022; 3:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-39085 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. Published: August 16, 2022; 3:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2021-39035 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965. Published: August 16, 2022; 3:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-38954 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. Published: June 30, 2022; 1:15:07 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2022-22482 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. Published: May 17, 2022; 1:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |