Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-4259

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.

Published

2020-05-14T16:15:14.437

Last Modified

2024-11-21T05:32:28.497

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	sterling_file_gateway	≤ 2.2.6.5_1	Yes
Application	ibm	sterling_file_gateway	≤ 6.0.3.1	Yes
Operating System	hp	hp-ux	-	No
Operating System	ibm	aix	-	No
Operating System	ibm	i	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Operating System	oracle	solaris	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6208038 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/175638 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6208038 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)