Search criteria
9 vulnerabilities found for Sterling Order Management by IBM
VAR-201404-0287
Vulnerability from variot - Updated: 2025-04-13 22:09CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struts",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "connections",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 2.3.16"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 3.0.10"
},
{
"model": "esmpro/servermanager",
"scope": "lte",
"trust": 0.8,
"vendor": "nec",
"version": "ver5.75"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "pc security"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "security risk management v1.0.0 to v2.1.3"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager enterprise v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager lite v2.0"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager standard v2.0"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v6.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"v8.2 to v8.4 (with developers studio only )\""
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"v9.1 to v9.2 (with developers studio only )\""
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.3 to v8.4"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v9.1"
},
{
"model": "integrated system ha database ready",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "business analytics modeling server"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "business process manager analytics"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "extreme transaction processing server"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "mobile manager"
},
{
"model": "interstage application development cycle manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage service integrator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "serverview",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "resource orchestrator"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "analytics server"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "server"
},
{
"model": "systemwalker service catalog manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker service quality coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker software configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "triole",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "cloud middle set b set"
},
{
"model": "cloud infrastructure management software",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.4.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.3"
},
{
"model": "keybox",
"scope": "eq",
"trust": 0.3,
"vendor": "skavanagh",
"version": "2.10.02"
},
{
"model": "ec2box",
"scope": "eq",
"trust": 0.3,
"vendor": "skavanagh",
"version": "0.11.01"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "sterling web channel",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling web channel",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling order management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.10"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "keybox",
"scope": "ne",
"trust": 0.3,
"vendor": "skavanagh",
"version": "2.10.03"
},
{
"model": "ec2box",
"scope": "ne",
"trust": 0.3,
"vendor": "skavanagh",
"version": "0.11.02"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.2"
}
],
"sources": [
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:connections",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infocage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:serverview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:symfoware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:triole",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.",
"sources": [
{
"db": "BID",
"id": "67081"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0113",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0113",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0113",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "VULMON",
"id": "CVE-2014-0113"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0113",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "59178",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570",
"trust": 0.6
},
{
"db": "BID",
"id": "67081",
"trust": 0.3
},
{
"db": "EXPLOITDB",
"id": "33142",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"id": "VAR-201404-0287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1875
},
"last_update_date": "2025-04-13T22:09:03.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletins S2-021",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/WW/S2-021"
},
{
"title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
"trust": 0.8,
"url": "http://struts.apache.org/download.cgi#struts23162"
},
{
"title": "1680848",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"title": "1681190",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
},
{
"title": "NV15-001",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
},
{
"title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
},
{
"title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
},
{
"title": "struts-2.3.16.2-all",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668"
},
{
"title": "Red Hat: CVE-2014-0113",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
},
{
"trust": 1.7,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59178"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02"
},
{
"trust": 0.3,
"url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/development/2.x/docs/s2-021.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/33142/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67081"
},
{
"date": "2014-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"date": "2014-04-29T10:37:03.700000",
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"date": "2015-05-07T17:38:00",
"db": "BID",
"id": "67081"
},
{
"date": "2016-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
],
"trust": 0.6
}
}
CVE-2022-33959 (GCVE-0-2022-33959)
Vulnerability from nvd – Published: 2023-04-07 13:07 – Updated: 2025-02-10 15:22
VLAI?
Title
IBM Sterling Order Management privilege escalation
Summary
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.
Severity ?
5.4 (Medium)
CWE
- 602 Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6981911"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229320"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:22:01.296740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:22:17.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320."
}
],
"value": "IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "602 Client-Side Enforcement of Server-Side Security",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-07T13:07:34.479Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6981911"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229320"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Order Management privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-33959",
"datePublished": "2023-04-07T13:07:34.479Z",
"dateReserved": "2022-06-17T18:20:44.032Z",
"dateUpdated": "2025-02-10T15:22:17.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34333 (GCVE-0-2022-34333)
Vulnerability from nvd – Published: 2023-04-07 12:58 – Updated: 2025-02-10 15:22
VLAI?
Title
IBM Sterling Order Management information disclosure
Summary
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6981917"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229698"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:22:46.922765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:22:51.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-07T12:58:38.888Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6981917"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Order Management information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-34333",
"datePublished": "2023-04-07T12:58:38.888Z",
"dateReserved": "2022-06-22T19:42:48.458Z",
"dateUpdated": "2025-02-10T15:22:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20554 (GCVE-0-2021-20554)
Vulnerability from nvd – Published: 2021-09-30 16:20 – Updated: 2024-09-17 03:02
VLAI?
Summary
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
9.4
Affected: 9.5 Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.4"
},
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2021-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/I:L/AV:N/UI:R/S:C/C:L/AC:L/PR:N/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-30T16:20:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-09-29T00:00:00",
"ID": "CVE-2021-20554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Order Management",
"version": {
"version_data": [
{
"version_value": "9.4"
},
{
"version_value": "9.5"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6493881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6493881 (Sterling Order Management)",
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20554",
"datePublished": "2021-09-30T16:20:15.003439Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:02:18.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9991 (GCVE-0-2016-9991)
Vulnerability from nvd – Published: 2017-06-08 21:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
9.2
Affected: 9.2.1 Affected: 9.3 Affected: 9.4 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.2"
},
{
"status": "affected",
"version": "9.2.1"
},
{
"status": "affected",
"version": "9.3"
},
{
"status": "affected",
"version": "9.4"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"datePublic": "2017-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Order Management",
"version": {
"version_data": [
{
"version_value": "9.2"
},
{
"version_value": "9.2.1"
},
{
"version_value": "9.3"
},
{
"version_value": "9.4"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96084"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9991",
"datePublished": "2017-06-08T21:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33959 (GCVE-0-2022-33959)
Vulnerability from cvelistv5 – Published: 2023-04-07 13:07 – Updated: 2025-02-10 15:22
VLAI?
Title
IBM Sterling Order Management privilege escalation
Summary
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.
Severity ?
5.4 (Medium)
CWE
- 602 Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6981911"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229320"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:22:01.296740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:22:17.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320."
}
],
"value": "IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "602 Client-Side Enforcement of Server-Side Security",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-07T13:07:34.479Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6981911"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229320"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Order Management privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-33959",
"datePublished": "2023-04-07T13:07:34.479Z",
"dateReserved": "2022-06-17T18:20:44.032Z",
"dateUpdated": "2025-02-10T15:22:17.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34333 (GCVE-0-2022-34333)
Vulnerability from cvelistv5 – Published: 2023-04-07 12:58 – Updated: 2025-02-10 15:22
VLAI?
Title
IBM Sterling Order Management information disclosure
Summary
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.
Severity ?
5.9 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6981917"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229698"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:22:46.922765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:22:51.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-07T12:58:38.888Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6981917"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Order Management information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-34333",
"datePublished": "2023-04-07T12:58:38.888Z",
"dateReserved": "2022-06-22T19:42:48.458Z",
"dateUpdated": "2025-02-10T15:22:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20554 (GCVE-0-2021-20554)
Vulnerability from cvelistv5 – Published: 2021-09-30 16:20 – Updated: 2024-09-17 03:02
VLAI?
Summary
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
9.4
Affected: 9.5 Affected: 10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.4"
},
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0"
}
]
}
],
"datePublic": "2021-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/I:L/AV:N/UI:R/S:C/C:L/AC:L/PR:N/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-30T16:20:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-09-29T00:00:00",
"ID": "CVE-2021-20554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Order Management",
"version": {
"version_data": [
{
"version_value": "9.4"
},
{
"version_value": "9.5"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6493881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6493881 (Sterling Order Management)",
"url": "https://www.ibm.com/support/pages/node/6493881"
},
{
"name": "ibm-sterling-cve202120554-xss (199179)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20554",
"datePublished": "2021-09-30T16:20:15.003439Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T03:02:18.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9991 (GCVE-0-2016-9991)
Vulnerability from cvelistv5 – Published: 2017-06-08 21:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling Order Management |
Affected:
9.2
Affected: 9.2.1 Affected: 9.3 Affected: 9.4 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sterling Order Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.2"
},
{
"status": "affected",
"version": "9.2.1"
},
{
"status": "affected",
"version": "9.3"
},
{
"status": "affected",
"version": "9.4"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"datePublic": "2017-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "96084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling Order Management",
"version": {
"version_data": [
{
"version_value": "9.2"
},
{
"version_value": "9.2.1"
},
{
"version_value": "9.3"
},
{
"version_value": "9.4"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96084"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121314"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21998167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9991",
"datePublished": "2017-06-08T21:00:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}