Vulnerabilities > IBM > Sterling B2B Integrator > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2022-35638 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm
8.8
2023-02-17 CVE-2022-40231 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls.
network
low complexity
ibm
8.8
2023-02-17 CVE-2022-40232 Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls.
network
low complexity
ibm CWE-276
8.8
2023-01-04 CVE-2022-43920 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter.
network
low complexity
ibm
8.8
2022-04-08 CVE-2020-4668 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-10-07 CVE-2021-20584 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls.
network
low complexity
ibm
7.5
2021-10-06 CVE-2021-29837 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-10-06 CVE-2021-38925 Inadequate Encryption Strength vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.
network
low complexity
ibm CWE-326
7.5
2021-01-05 CVE-2020-4762 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls.
network
low complexity
ibm
8.8
2021-01-05 CVE-2019-4728 Deserialization of Untrusted Data vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data.
network
low complexity
ibm CWE-502
8.8