
CVE-2025-2827 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-2827
08 Jul 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7239094 • CWE-548: Exposure of Information Through Directory Listing •

CVE-2025-2793 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-2793
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4, and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4, are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-3630 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-3630
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4, and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4, are vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47109 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2024-47109
10 Mar 2025 — The IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7185259 • CWE-522: Insufficiently Protected Credentials •

CVE-2023-52292 – IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2023-52292
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7176079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-47159 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2023-47159
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. • https://www.ibm.com/support/pages/node/7176083 • CWE-204: Observable Response Discrepancy •

CVE-2024-22316 – IBM Sterling File Gateway improper access control
https://notcve.org/view.php?id=CVE-2024-22316
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. • https://www.ibm.com/support/pages/node/7176083 • CWE-284: Improper Access Control •

CVE-2023-47714 – IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47714
12 Apr 2024 — IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-39086
https://notcve.org/view.php?id=CVE-2021-39086
16 Aug 2022 — IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215889 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2020-4654
https://notcve.org/view.php?id=CVE-2020-4654
08 Oct 2021 — IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186090 •