Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-20375: Security Bulletin: Access Security Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20375)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.

CVE

Related news

CVE-2020-4160: IBM QRadar Network Security information disclosure CVE-2020-4160 Vulnerability Report

IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.

CVE-2020-4654: Security Bulletin: Access Control Vulnerability Affects the User Interface of IBM Sterling File Gateway (CVE-2020-4654)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

CVE-2021-20376: Security Bulletin: Access Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20376)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

CVE-2021-29700: Security Bulletin: Informaton Disclosure Vulnerability Affects the Dashboard User Interface of IBM Stelring B2B Integrator (CVE-2021-29700)

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.

CVE-2021-20584: Security Bulletin: Access Control Vulnerability Affects Myfilegateway User Interface of IBM Sterling File Gateway (CVE-2021-20584)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.

CVE-2021-29760: Security Bulletin: Access Control Vulnerabilities Affects the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.

CVE-2021-29903: Security Bulletin: SQL Injection Vulnerability Affects B2B API of IBM Sterling B2B Integrator (CVE-2021-29903)

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.

CVE-2021-29798: Security Bulletin: SQL Injection Vulnerability Affects Docker Container of IBM Sterling B2B Integrator (CVE-2021-29798)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.

CVE-2021-29758: Security Bulletin: Access Control Vulnerabilities Affects the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.

CVE-2021-29761: Security Bulletin: Access Control Vulnerabilities Affects the Dashboard User Interface of IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.

CVE-2021-38864: IBM Security Verify Bridge information disclosure CVE-2021-38864 Vulnerability Report

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.

CVE-2021-20563: IBM Sterling File Gateway information disclosure CVE-2021-20563 Vulnerability Report

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.

CVE-2021-20434: IBM Security Verify Bridge information disclosure CVE-2021-20434 Vulnerability Report

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 196346.

CVE-2021-38863: IBM Security Verify Bridge information disclosure CVE-2021-38863 Vulnerability Report

IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by a locally authenticated user. IBM X-Force ID: 208154.

CVE-2021-20435: Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge (CVE-2021-20434, CVE-2021-38864, CVE-2021-20435)

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

CVE-2021-20435: Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge (CVE-2021-20434, CVE-2021-38864, CVE-2021-20435)

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

CVE-2021-20496: IBM Security Verify Access Docker security bypass CVE-2021-20496 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966.

CVE-2021-20510: IBM Security Verify Access Docker information disclosure CVE-2021-20510 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299

CVE-2021-20511: IBM Security Verify Access Docker information disclosure CVE-2021-20511 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

CVE-2020-27134: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907