CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-39086
https://notcve.org/view.php?id=CVE-2021-39086
16 Aug 2022 — IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889. IBM Sterling File Gateway versiones 6.0.0.0 hasta 6.0.3.5, 6.1.0.0 hasta 6.1.0.4 y 6.1.1.0 hasta 6.1.1.1, podrían permitir a un atacante remoto obtener información confidencial cuando ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/215889 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4654
https://notcve.org/view.php?id=CVE-2020-4654
08 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, podría permitir a un usuario autenticado conseguir información confidencial debido a un control de permisos inapropiado. IBM X-Force ID: 186090 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186090 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20552
https://notcve.org/view.php?id=CVE-2021-20552
07 Oct 2021 — IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170. IBM Sterling File Gateway versiones 6.0.0 hasta 6.1.1.0, podría permitir a un atacante remoto obtener información confidencial cuando un mensaje de error técnico detallado es devuelto en el navegador. Esta información podría ser usada en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199170 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20489
https://notcve.org/view.php?id=CVE-2021-20489
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-F... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197790 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20481
https://notcve.org/view.php?id=CVE-2021-20481
07 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197503. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.1.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20473
https://notcve.org/view.php?id=CVE-2021-20473
07 Oct 2021 — IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. IBM Sterling File Gateway User Interface versiones 2.2.0.0 hasta 6.1.1.0, no invalida una sesión tras el cierre de sesión, que podría permitir a un usuario autenticado hacerse pasar por otro en el sistema. IBM X-Force ID: 196944 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196944 • CWE-613: Insufficient Session Expiration •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20563
https://notcve.org/view.php?id=CVE-2021-20563
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, podría permitir a un usuario remoto autenticado conseguir información confidencial. Mediante el envío de una petición especialmente diseñada, el usuario ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199234 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20485
https://notcve.org/view.php?id=CVE-2021-20485
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, podría permitir a un atacante remoto conseguir información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta información podría ser usada... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197667 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20484
https://notcve.org/view.php?id=CVE-2021-20484
23 Sep 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.1.0.3, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4658
https://notcve.org/view.php?id=CVE-2020-4658
16 Dec 2020 — IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095. IBM Sterling File Gateway versiones 2.2.0.0 hasta 6.0.3.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •