CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20563
https://notcve.org/view.php?id=CVE-2021-20563
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, podría permitir a un usuario remoto autenticado conseguir información confidencial. Mediante el envío de una petición especialmente diseñada, el usuario ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199234 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20485
https://notcve.org/view.php?id=CVE-2021-20485
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, podría permitir a un atacante remoto conseguir información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría ser usada... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197667 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20484
https://notcve.org/view.php?id=CVE-2021-20484
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4658
https://notcve.org/view.php?id=CVE-2020-4658
16 Dec 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4763
https://notcve.org/view.php?id=CVE-2020-4763
16 Nov 2020 — IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. IBM Sterling File Gateway versiones 6.0.0.0 hasta 6.0.3.2 y versiones 2.2.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188897 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4665
https://notcve.org/view.php?id=CVE-2020-4665
16 Nov 2020 — IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y 6.0.0.0 a 6.0.3... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186280 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4647
https://notcve.org/view.php?id=CVE-2020-4647
16 Nov 2020 — IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir a un atac... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185809 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4476
https://notcve.org/view.php?id=CVE-2020-4476
16 Nov 2020 — IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. IBM Sterling File Gateway versiones 2.2.0.0 hasta 2.2.6.5, y versiones 6.0.0.0 hasta 6.0.3.2, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181778 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4564
https://notcve.org/view.php?id=CVE-2020-4564
20 Oct 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1 e IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4299
https://notcve.org/view.php?id=CVE-2020-4299
14 May 2020 — IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. IBM Sterling B2B Integrator Standard Edition versiones 5.2.0.0 hasta 6.0.3.1, podría exponer información confidencial a un usuario por medio de una petición HTTP especialmente diseñada. IBM X-Force ID: 176606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176606 •