cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47116,https://securityvulnerability.io/vulnerability/CVE-2024-47116,Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,IBM Sterling B2B Integrator versions from 6.0.0.0 to 6.1.2.5 and 6.2.0.0 to 6.2.0.3 have a cross-site scripting vulnerability that permits authenticated users to introduce arbitrary JavaScript code in the web interface. This can compromise the functionality of the application and potentially expose sensitive credentials during a trusted session.,IBM,Sterling B2b Integrator,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T16:01:06.963Z,0
CVE-2024-45089,https://securityvulnerability.io/vulnerability/CVE-2024-45089,Sensitive Filename Information Exposure in IBM Sterling B2B Integrator,The IBM Sterling B2B Integrator has a vulnerability affecting multiple versions of its EBICS server. An authenticated user may exploit this weakness to access sensitive filename information due to an observable discrepancy in the application's handling of requests. Organizations using this software should review their configurations and access controls to mitigate potential risks.,IBM,Sterling B2b Integrator,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T15:58:53.150Z,0
CVE-2024-49807,https://securityvulnerability.io/vulnerability/CVE-2024-49807,Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition are susceptible to a stored cross-site scripting vulnerability. This flaw permits authenticated users to inject arbitrary JavaScript code into the web interface. This malicious code execution can lead to unauthorized actions and potentially compromise sensitive information, including credential disclosure during an active and trusted session.",IBM,Sterling B2b Integrator,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T15:25:27.961Z,0
CVE-2024-40696,https://securityvulnerability.io/vulnerability/CVE-2024-40696,Cross-Site Scripting in IBM Sterling B2B Integrator by IBM,"IBM Sterling B2B Integrator exhibits a vulnerability that allows a privileged user to inject malicious JavaScript into the Web UI. This exploitation can modify the application's intended behavior, raising the risk of disclosing sensitive user credentials within an authenticated session. Organizations utilizing affected versions should take immediate action to mitigate potential threats associated with this security flaw.",IBM,Sterling B2b Integrator,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T15:24:52.928Z,0
CVE-2024-47103,https://securityvulnerability.io/vulnerability/CVE-2024-47103,Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition are affected by a cross-site scripting vulnerability. This flaw allows a privileged user to inject arbitrary JavaScript code into the Web UI, potentially modifying its functionality. If exploited, this vulnerability could lead to disclosure of sensitive information, including user credentials, during a trusted session.",IBM,Sterling B2b Integrator,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T15:24:33.527Z,0
CVE-2023-38739,https://securityvulnerability.io/vulnerability/CVE-2023-38739,Cross-Site Request Forgery in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 are susceptible to a cross-site request forgery vulnerability. This flaw may allow an attacker to perform unauthorized actions by exploiting the trust established with a user of the application. If successfully executed, the attacker could leverage this vulnerability to manipulate user sessions, potentially leading to data breaches or unauthorized data modifications.",IBM,Sterling B2b Integrator,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-31T15:19:20.155Z,0
CVE-2023-50316,https://securityvulnerability.io/vulnerability/CVE-2023-50316,SQL Injection Vulnerability in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 are susceptible to a SQL injection vulnerability. This allows remote attackers to execute specially crafted SQL statements, providing unauthorized access to sensitive data in the back-end database. Attackers may exploit this vulnerability to view, insert, modify, or delete critical information, posing significant risks to data integrity and confidentiality.",IBM,Sterling B2b Integrator,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-28T01:15:00.000Z,0
CVE-2024-27263,https://securityvulnerability.io/vulnerability/CVE-2024-27263,Sensitive Information Exposure in IBM Sterling B2B Integrator,"The vulnerability in IBM Sterling B2B Integrator could enable an authenticated user to exploit the dashboard UI, leading to the potential exposure of sensitive information. By employing man-in-the-middle attack techniques, adversaries could intercept traffic and retrieve confidential data that should remain secured. It is crucial for organizations using affected versions of this product to implement necessary security measures to mitigate these risks.",IBM,Sterling B2b Integrator,5.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-28T01:15:00.000Z,0
CVE-2023-50309,https://securityvulnerability.io/vulnerability/CVE-2023-50309,Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.2.0.0 are affected by a stored cross-site scripting vulnerability. This flaw allows attackers to inject and execute arbitrary JavaScript code within the web application interface. Such an exploit can change the behavior of the application, potentially leading to the disclosure of user credentials during an active session. Organizations using these versions should apply the latest updates to mitigate this risk.",IBM,Sterling B2b Integrator Standard Edition,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-23T02:38:25.105Z,0
CVE-2023-32340,https://securityvulnerability.io/vulnerability/CVE-2023-32340,Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,"IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 are susceptible to a cross-site scripting vulnerability. This security flaw enables attackers to inject arbitrary JavaScript code into the Web UI, which can manipulate the intended application behavior. As a result, this could potentially lead to unauthorized access or disclosure of sensitive information, such as user credentials, while operating within a trusted session.",IBM,Sterling B2b Integrator Standard Edition,4.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-23T02:37:33.010Z,0
CVE-2024-31903,https://securityvulnerability.io/vulnerability/CVE-2024-31903,Arbitrary Code Execution Vulnerability in IBM Sterling B2B Integrator,"A vulnerability exists in IBM Sterling B2B Integrator Standard Edition that allows an attacker within the local network to execute arbitrary code on the system. This is due to improper deserialization of untrusted data, which can lead to exploitation of the affected versions. Proper validation of data is critical to preventing such security risks.",IBM,Sterling B2b Integrator Standard Edition,8.8,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,false,,2025-01-22T16:08:02.810Z,0
CVE-2021-20553,https://securityvulnerability.io/vulnerability/CVE-2021-20553,Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator,"CVE-2021-20553 is a high-risk vulnerability affecting IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 6.1.1.0. This vulnerability enables attackers to exploit cross-site scripting (XSS) within the Web UI, which permits the injection of arbitrary JavaScript code. Such exploitation can lead to unauthorized alterations of the application’s intended functionalities, with a significant risk of credential disclosure to attackers during a trusted session. Users of the affected versions are advised to apply security updates promptly to mitigate this critical security risk.",IBM,Sterling B2b Integrator,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-19T00:15:00.000Z,0
CVE-2023-42010,https://securityvulnerability.io/vulnerability/CVE-2023-42010,HTTP Responses Vulnerable to Sensitive Information Disclosure,"IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 are susceptible to a vulnerability that could reveal sensitive information through HTTP responses. This vulnerability is primarily exploitable using man-in-the-middle techniques, potentially allowing malicious actors to intercept and view confidential data during transmission. Organizations using the affected versions should review their security protocols and apply necessary fixes to mitigate the risks involved.",IBM,Sterling B2b Integrator Standard Edition,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-17T17:18:38.043Z,0
CVE-2023-42014,https://securityvulnerability.io/vulnerability/CVE-2023-42014,IBM Sterling B2B Integrator vulnerable to Cross-Site Scripting,IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.2.0.2 are exposed to a cross-site scripting issue that could allow authenticated users to inject arbitrary JavaScript code into the web interface. This manipulation of the web UI can compromise the expected functionality of the application and exposes users to potential credential disclosure risks during trusted sessions. Organizations using these versions must implement remediation strategies to protect against such threats.,IBM,Sterling B2b Integrator Standard Edition,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T18:00:42.773Z,0
CVE-2023-42011,https://securityvulnerability.io/vulnerability/CVE-2023-42011,Integrator May Confuse Users with Incorrect or Restricted Frame Objects,"IBM Sterling B2B Integrator Standard Edition versions 6.1 and 6.2 exhibit a vulnerability where frame objects or UI layers from another application or domain might not be properly restricted. This flaw can create confusion for users as it increases the risk of interacting with elements from different interfaces. As a result, users may find themselves unsure of which application they are currently using, potentially leading to erroneous actions and breaches in operational protocols. Addressing this issue is crucial for maintaining clarity and integrity in user interactions.",IBM,Sterling B2b Integrator Standard Edition,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T17:39:04.750Z,0
CVE-2023-45186,https://securityvulnerability.io/vulnerability/CVE-2023-45186,IBM Sterling B2B Integrator vulnerable to Cross-Site Scripting,"IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691.",IBM,Sterling B2b Integrator,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-12T02:45:59.542Z,0
CVE-2023-50307,https://securityvulnerability.io/vulnerability/CVE-2023-50307,IBM Sterling B2B Integrator vulnerable to Cross-Site Scripting,"IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338.",IBM,Sterling B2b Integrator,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-12T02:30:56.429Z,0
CVE-2024-22357,https://securityvulnerability.io/vulnerability/CVE-2024-22357,IBM Sterling B2B Integrator vulnerable to Cross-Site Scripting,"IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894.",IBM,Sterling B2b Integrator,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-12T02:28:22.476Z,0
CVE-2023-42016,https://securityvulnerability.io/vulnerability/CVE-2023-42016,IBM Sterling B2B Integrator Vulnerability: Unsecured Authorization Tokens and Session Cookies,"In IBM Sterling B2B Integrator, a security vulnerability exists due to the absence of the secure attribute on authorization tokens and session cookies. This issue allows potential attackers to intercept cookie values through crafted HTTP links, leading to unauthorized access if users click on these links. When a user visits a malicious site or link, the cookies can be relayed over an insecure connection, where attackers can snoop on the traffic and capture sensitive data. This flaw emphasizes the importance of implementing robust security measures to safeguard sensitive information and prevent unauthorized access.",IBM,Sterling B2b Integrator,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-09T01:01:03.137Z,0
CVE-2023-32341,https://securityvulnerability.io/vulnerability/CVE-2023-32341,IBM Sterling B2B Integrator Denial of Service Vulnerability,"A vulnerability exists in the IBM Sterling B2B Integrator software that may allow an authenticated user to create a denial of service condition. This could occur due to uncontrolled resource consumption, impacting the availability and performance of the service. It is crucial for organizations using the affected versions of IBM Sterling B2B Integrator to apply appropriate mitigations to prevent potential disruptions.",IBM,Sterling B2b Integrator,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-09T00:58:25.772Z,0
CVE-2023-25682,https://securityvulnerability.io/vulnerability/CVE-2023-25682,IBM Sterling B2B Integrator information disclosure,IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 247034.,IBM,Sterling B2B Integrator Standard Edition,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-22T19:15:00.000Z,0
CVE-2022-35638,https://securityvulnerability.io/vulnerability/CVE-2022-35638,IBM Sterling B2B Integrator cross-site request forgery,IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.,IBM,Sterling B2b Integrator,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-11-22T04:00:15.625Z,0
CVE-2023-22876,https://securityvulnerability.io/vulnerability/CVE-2023-22876,IBM Sterling B2B Integrator information disclosure,IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.,IBM,Sterling B2B Integrator,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-03-15T19:15:00.000Z,0
CVE-2022-43578,https://securityvulnerability.io/vulnerability/CVE-2022-43578,IBM Sterling B2B Integrator Standard Edition cross-site scripting,IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.,IBM,Sterling B2b Integrator Standard Edition,4.6,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-22T17:39:20.878Z,0
CVE-2022-40231,https://securityvulnerability.io/vulnerability/CVE-2022-40231,IBM Sterling B2B Integrator Standard Edition improper access control,IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533.,IBM,Sterling B2b Integrator Standard Edition,4.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-02-17T18:22:51.727Z,0