CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2827 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2025-2827
08 Jul 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7239094 • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2793 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-2793
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-3630 – IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2025-3630
08 Jul 2025 — IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7239095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47109 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2024-47109
10 Mar 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7185259 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52292 – IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2023-52292
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7176079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47159 – IBM Sterling File Gateway information disclosure
https://notcve.org/view.php?id=CVE-2023-47159
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. • https://www.ibm.com/support/pages/node/7176083 • CWE-204: Observable Response Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22316 – IBM Sterling File Gateway improper access control
https://notcve.org/view.php?id=CVE-2024-22316
27 Jan 2025 — IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. • https://www.ibm.com/support/pages/node/7176083 • CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47714 – IBM Sterling File Gateway cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47714
12 Apr 2024 — IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. IBM Sterling File Gateway 6.0.0.0 a 6.0.3.9, 6.1.0.0 a 6.1.2.3 y 6.2.0.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/271531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •