Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sterling_file_gateway
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-30 | CVE-2019-4423 | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. | Sterling_file_gateway | 5.3 | ||
| 2018-07-20 | CVE-2018-1563 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. | Sterling_b2b_integrator, Sterling_file_gateway | 5.4 | ||
| 2018-07-20 | CVE-2018-1470 | IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. | Sterling_file_gateway | 4.3 | ||
| 2018-07-20 | CVE-2018-1398 | IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. | Sterling_file_gateway | 5.3 | ||
| 2018-07-20 | CVE-2017-1575 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. | Sterling_file_gateway | 5.5 | ||
| 2018-07-20 | CVE-2017-1544 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. | Sterling_file_gateway | 7.8 | ||
| 2017-12-11 | CVE-2017-1550 | IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | Sterling_file_gateway | 6.5 | ||
| 2017-12-11 | CVE-2017-1632 | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | Sterling_file_gateway | 5.4 | ||
| 2017-12-11 | CVE-2017-1549 | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | Sterling_file_gateway | 5.4 | ||
| 2017-12-11 | CVE-2017-1548 | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | Sterling_file_gateway | 5.3 |