Vulnerabilities > IBM > Sterling B2B Integrator > 6.0.3.6

DATE CVE VULNERABILITY TITLE RISK
2023-01-04 CVE-2021-38928 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
network
low complexity
ibm
5.4
5.4
2023-01-04 CVE-2022-22337 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user.
network
low complexity
ibm
6.5
6.5
2023-01-04 CVE-2022-22338 SQL Injection vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
critical
 9.8
9.8
2023-01-04 CVE-2022-22352 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-01-04 CVE-2022-43920 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter.
network
low complexity
ibm
8.8
8.8