Vulnerabilities > IBM > Sterling B2B Integrator > 6.0.3.0

DATE CVE VULNERABILITY TITLE RISK
2021-01-05 CVE-2020-4761 Information Exposure Through an Error Message vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
5.3
2021-01-05 CVE-2019-4728 Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data.
network
low complexity
ibm CWE-502
8.8
8.8
2020-12-16 CVE-2020-4657 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2020-12-10 CVE-2019-4738 Cleartext Storage of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system.
network
low complexity
ibm CWE-312
6.5
6.5
2020-11-20 CVE-2020-4937 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
7.5
2020-11-16 CVE-2020-4705 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
4.8
2020-11-16 CVE-2020-4700 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges.
network
low complexity
ibm
8.8
8.8
2020-11-16 CVE-2020-4692 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI.
network
low complexity
ibm
6.5
6.5
2020-11-16 CVE-2020-4671 Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user.
network
low complexity
ibm CWE-532
6.5
6.5
2020-11-16 CVE-2020-4655 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
8.8