4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
This bulletin identifies the steps to take to address a cross-site scripting vulnerability in IBM Sterling File Gateway.
CVEID:CVE-2023-47714
**DESCRIPTION:**IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271531 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling File Gateway | 6.0.0.0 - 6.0.3.9 |
IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.3 |
IBM Sterling File Gateway | 6.2.0.0 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling File Gateway | 6.0.0.0 - 6.0.3.9 | IT44899 | Apply B2BI 6.1.2.5 or 6.2.0.1 |
IBM Sterling File Gateway | 6.1.0.0 - 6.1.2.3 | IT44899 | Apply B2BI 6.1.2.5 or 6.2.0.1 |
IBM Sterling File Gateway | 6.2.0.0 | IT44899 | Apply B2BI 6.2.0.1 |
The IIM versions of 6.1.2.5 and 6.2.0.1 are available on Fix Central.
The container version of 6.1.2.5 and 6.2.0.1 are available in IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm file gateway | eq | 6.0.0.0 | |
ibm file gateway | eq | 6.2.0.1 |
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%