cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-52292,https://securityvulnerability.io/vulnerability/CVE-2023-52292,Stored Cross-Site Scripting in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.5 and 6.2.0.0 to 6.2.0.3 are impacted by a stored cross-site scripting vulnerability. This allows attackers to inject malicious JavaScript into the Web UI, which can manipulate the page's behavior and may facilitate the disclosure of user credentials during a trusted session. Such vulnerabilities can increase the risk of session hijacking and other malicious activities within the application.",IBM,Sterling File Gateway,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T16:06:50.729Z,0
CVE-2023-47159,https://securityvulnerability.io/vulnerability/CVE-2023-47159,User Enumeration Vulnerability in IBM Sterling File Gateway,"An authenticated user can exploit a vulnerability in IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.5 and 6.2.0.0 to 6.2.0.1 to enumerate usernames. This occurs due to noticeable differences in the responses received from the server based on the existence of user accounts, which could potentially lead to the exposure of sensitive user information.",IBM,Sterling File Gateway,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T16:04:51.207Z,0
CVE-2024-22316,https://securityvulnerability.io/vulnerability/CVE-2024-22316,Improper Access Control in IBM Sterling File Gateway Affects User Data,"A vulnerability exists in IBM Sterling File Gateway that allows authenticated users to execute unauthorized actions on another user's data, stemming from inadequate access control measures. This could result in unauthorized data manipulation or disclosure, potentially compromising sensitive information and violating user privacy.",IBM,Sterling File Gateway,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T16:03:52.880Z,0
CVE-2023-47714,https://securityvulnerability.io/vulnerability/CVE-2023-47714,IBM Sterling File Gateway vulnerable to Cross-Site Scripting,"IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.",IBM,Sterling File Gateway,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-12T12:17:19.660Z,0
CVE-2021-39086,https://securityvulnerability.io/vulnerability/CVE-2021-39086,Information Disclosure in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 are susceptible to an information disclosure issue. This occurs when detailed technical error messages are displayed in the browser, which may inadvertently divulge sensitive information. This exposed information could be exploited by remote attackers to execute further attacks targeting the system, enhancing their chances of compromising the security of the environment. For further details, refer to IBM’s official announcement and X-Force ID: 215889.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0009899999713525176,false,,false,false,false,,,false,false,,2022-08-16T19:15:00.000Z,0
CVE-2020-4654,https://securityvulnerability.io/vulnerability/CVE-2020-4654,Improper Permission Control in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 has a vulnerability that allows an authenticated user to gain unauthorized access to sensitive information. This issue arises from improper permission control within the application, potentially compromising user data and exposing it to unauthorized users.",IBM,Sterling File Gateway,3.1,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-10-08T18:15:00.000Z,0
CVE-2021-20489,https://securityvulnerability.io/vulnerability/CVE-2021-20489,Cross-Site Request Forgery Vulnerability in IBM Sterling File Gateway,"The IBM Sterling File Gateway is susceptible to Cross-Site Request Forgery (CSRF), which could permit an attacker to perform unauthorized actions on behalf of a legitimate user. This vulnerability affects versions 2.2.0.0 through 6.1.1.0, potentially enabling attackers to exploit trusted relationships to manipulate user interactions covertly. For further detail, consult IBM's official support documentation.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20552,https://securityvulnerability.io/vulnerability/CVE-2021-20552,Information Disclosure Vulnerability in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 6.0.0.0 to 6.1.1.0 are susceptible to an information disclosure vulnerability that could allow remote attackers to retrieve sensitive information. This occurs when a detailed technical error message is displayed in the browser, leaking potential insights that can be exploited for further attacks. Users of affected versions should prioritize applying security updates to mitigate this risk.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20372,https://securityvulnerability.io/vulnerability/CVE-2021-20372,Insufficient Permission Checking in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 are susceptible to a denial-of-service scenario that allows authenticated remote users to disrupt the service of other users. This vulnerability arises due to inadequate permission verification, raising concerns about user data accessibility and service reliability. Ensuring proper permission checks and implementing suitable security measures is crucial to mitigate potential service interruptions.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20481,https://securityvulnerability.io/vulnerability/CVE-2021-20481,Cross-Site Scripting Vulnerability in IBM Sterling File Gateway,"The IBM Sterling File Gateway is subjected to a cross-site scripting vulnerability that affects versions between 2.2.0.0 and 6.1.1.0. This flaw allows malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising the integrity of information exchanged and leading to credential theft in trusted sessions. Organizations utilizing these affected versions are urged to implement necessary measures to mitigate this risk and shield their sensitive data.",IBM,Sterling File Gateway,5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20375,https://securityvulnerability.io/vulnerability/CVE-2021-20375,Improper Access Control in IBM Sterling File Gateway Allows Message Manipulation,"The vulnerability in IBM Sterling File Gateway allows authenticated users to exploit improper access controls, enabling them to intercept and manipulate messages intended for other users. This lapse in security can potentially compromise sensitive information and disrupt communication within the system. Organizations using affected versions should consider immediate remediation steps to safeguard their data integrity and maintain trust in their communications.",IBM,Sterling File Gateway,6.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20561,https://securityvulnerability.io/vulnerability/CVE-2021-20561,Cross-Site Scripting Vulnerability in IBM Sterling File Gateway,"IBM Sterling File Gateway, versions 2.2.0.0 through 6.1.1.0, is susceptible to a cross-site scripting issue. This flaw allows an attacker to inject arbitrary JavaScript into the web application's user interface. As a result, this could alter the application's intended behavior, potentially compromising user credentials during a trusted session. This vulnerability emphasizes the importance of securing web applications against XSS attacks to protect sensitive user information.",IBM,Sterling File Gateway,5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20376,https://securityvulnerability.io/vulnerability/CVE-2021-20376,User Enumeration Vulnerability in IBM Sterling File Gateway,"An issue in IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 permits authenticated attackers to exploit discrepancies in message responses, enabling them to enumerate valid usernames. This vulnerability arises from varying feedback provided during user authentication attempts, which may reveal the existence of certain accounts within the system. Organizations utilizing affected versions are strongly encouraged to apply the latest security updates to mitigate potential risks.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20584,https://securityvulnerability.io/vulnerability/CVE-2021-20584,Remote File Upload Vulnerability in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 are exposed to a vulnerability that enables a remote attacker to upload arbitrary files due to inadequate access controls. This flaw poses significant risks by allowing unauthorized users to potentially execute malicious scripts or upload harmful files, leading to further compromise of the system. Enhanced security measures and timely updates are essential to mitigate this vulnerability.",IBM,Sterling File Gateway,6.5,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20473,https://securityvulnerability.io/vulnerability/CVE-2021-20473,Session Fixation Vulnerability in IBM Sterling File Gateway,"The IBM Sterling File Gateway User Interface, from version 2.2.0.0 to 6.1.1.0, fails to invalidate user sessions upon logout. This oversight can be exploited by an authenticated user, allowing them to impersonate another user, thereby accessing sensitive information and functionalities intended solely for the impersonated user. This vulnerability raises significant security concerns for organizations using the affected versions, as it undermines the integrity of user authentication mechanisms.",IBM,Sterling File Gateway,6.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2021-10-07T18:15:00.000Z,0
CVE-2021-20563,https://securityvulnerability.io/vulnerability/CVE-2021-20563,Sensitive Information Disclosure in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 through 6.1.0.3 contain a vulnerability that allows a remote authenticated user to disclose sensitive information by sending specially crafted requests. This may expose valid file paths on the server, which could potentially be exploited in subsequent attacks. Users are advised to review the details and mitigate risks promptly to safeguard their systems.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-23T17:15:00.000Z,0
CVE-2021-20485,https://securityvulnerability.io/vulnerability/CVE-2021-20485,Information Disclosure Vulnerability in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 through 6.1.0.3 are exposed to an information disclosure vulnerability. A remote attacker can exploit this flaw by triggering a detailed technical error message displayed in the browser, which may reveal sensitive information. This data could be leveraged to execute more targeted attacks on the affected system.",IBM,Sterling File Gateway,4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-09-23T17:15:00.000Z,0
CVE-2021-20484,https://securityvulnerability.io/vulnerability/CVE-2021-20484,Cross-Site Scripting Vulnerability in IBM Sterling File Gateway,"IBM Sterling File Gateway versions 2.2.0.0 to 6.1.0.3 are affected by a cross-site scripting vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This flaw can be exploited to manipulate the application's behavior, potentially allowing for the disclosure of user credentials in a trusted session. The vulnerability underscores the importance of input validation and user input sanitization to prevent unauthorized script execution.",IBM,Sterling File Gateway,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-23T17:15:00.000Z,0
CVE-2020-4658,https://securityvulnerability.io/vulnerability/CVE-2020-4658,,IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.,IBM,Sterling File Gateway,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-12-16T21:15:00.000Z,0
CVE-2020-4476,https://securityvulnerability.io/vulnerability/CVE-2020-4476,,IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.,IBM,Sterling File Gateway,5.3,MEDIUM,0.003969999961555004,false,,false,false,false,,,false,false,,2020-11-16T17:15:00.000Z,0
CVE-2020-4665,https://securityvulnerability.io/vulnerability/CVE-2020-4665,,IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.,IBM,Sterling File Gateway,4.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-11-16T17:15:00.000Z,0
CVE-2020-4763,https://securityvulnerability.io/vulnerability/CVE-2020-4763,,IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.,IBM,Sterling File Gateway,4.3,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2020-11-16T17:15:00.000Z,0
CVE-2020-4647,https://securityvulnerability.io/vulnerability/CVE-2020-4647,,"IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.",IBM,Sterling File Gateway,6.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2020-11-16T17:15:00.000Z,0
CVE-2020-4564,https://securityvulnerability.io/vulnerability/CVE-2020-4564,,IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933.,IBM,"Sterling B2b Integrator,Sterling File Gateway",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-20T15:15:00.000Z,0
CVE-2020-4259,https://securityvulnerability.io/vulnerability/CVE-2020-4259,,IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.,IBM,Sterling File Gateway,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-14T16:15:00.000Z,0