The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.


Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before, 6.1 before, and 6.2 before allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.


IBM Multi-Enterprise Integration Gateway 1.0 through and B2B Advanced Communications 1.x before, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.