Vulnerabilities > IBM > Sterling B2B Integrator > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-27 | CVE-2023-42011 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Sterling B2B Integrator 6.1/6.2 IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. | 5.4 |
2024-06-27 | CVE-2023-42014 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. | 5.4 |
2024-02-09 | CVE-2023-32341 | Resource Exhaustion vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. | 6.5 |
2024-02-09 | CVE-2023-42016 | Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2023-11-22 | CVE-2023-25682 | Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. | 5.5 |
2023-03-15 | CVE-2023-22876 | Unspecified vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. | 6.5 |
2023-02-22 | CVE-2022-43578 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. | 5.4 |
2023-02-17 | CVE-2022-43579 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. | 5.4 |
2023-01-05 | CVE-2022-22371 | Insufficient Session Expiration vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2023-01-05 | CVE-2022-34330 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. | 6.1 |