Vulnerabilities > IBM > Sterling B2B Integrator > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2023-42011 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Sterling B2B Integrator 6.1/6.2
IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
network
low complexity
ibm CWE-1021
5.4
2024-06-27 CVE-2023-42014 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2024-02-09 CVE-2023-32341 Resource Exhaustion vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption.
network
low complexity
ibm CWE-400
6.5
2024-02-09 CVE-2023-42016 Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-319
4.3
2023-11-22 CVE-2023-25682 Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-532
5.5
2023-03-15 CVE-2023-22876 Unspecified vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm
6.5
2023-02-22 CVE-2022-43578 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-02-17 CVE-2022-43579 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2023-01-05 CVE-2022-22371 Insufficient Session Expiration vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2023-01-05 CVE-2022-34330 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1