Vulnerabilities > IBM > B2B Advanced Communications > 1.0.0.3

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-22595 Cross-site Scripting vulnerability in IBM products
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-07-31 CVE-2023-24971 Deserialization of Untrusted Data vulnerability in IBM products
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects.
network
low complexity
ibm CWE-502
6.5
6.5
2016-10-05 CVE-2016-5892 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2016-05-15 CVE-2016-0341 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
ibm CWE-200
5.0
5.0
2016-01-01 CVE-2015-7445 Information Exposure vulnerability in IBM products
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
network
ibm CWE-200
3.5
3.5
2015-10-06 CVE-2015-5022 Information Exposure vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
network
ibm CWE-200
4.3
4.3
2015-10-06 CVE-2015-4973 Cross-site Scripting vulnerability in IBM B2B Advanced Communications 1.0.0.1/1.0.0.2/1.0.0.3
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3