Security Vulnerabilities - CVEs Published In October 2021
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-10-07
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-10-07
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-10-07
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.
CVSS Score
6.3
EPSS Score
0.001
Published
2021-10-07
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-07
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
CVSS Score
9.8
EPSS Score
0.913
Published
2021-10-07
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-07