Vulnerabilities > IBM > Sterling B2B Integrator

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-6020 Open Redirect vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2016-11-30 CVE-2016-5890 Credentials Management vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
network
high complexity
ibm CWE-255
5.3
5.3
2016-11-30 CVE-2016-3057 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
6.1
6.1
2016-01-02 CVE-2015-7450 Unspecified vulnerability in IBM products
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
network
low complexity
ibm
critical
 9.8
9.8
2016-01-02 CVE-2015-7438 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.
local
high complexity
ibm CWE-200
4.7
4.7
2016-01-02 CVE-2015-7437 Information Exposure vulnerability in IBM Sterling B2B Integrator 5.2
Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ibm CWE-200
5.5
5.5
2016-01-02 CVE-2015-7431 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
6.1
2016-01-01 CVE-2015-7410 Code vulnerability in IBM Sterling B2B Integrator 5.2
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
7.4
7.4