IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
CVEID: CVE-2017-1326**
DESCRIPTION:** IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126060> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
IBM Sterling B2B Integrator 5.2
Product & Version
| APAR|Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 5.2| IT20411| Apply B2B Integrator fix pack 5020603_2 on Fix Central
None