Sterling File Gateway Security Vulnerabilities - CVSS Score 5 - 6

CVE-2012-5936

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

6.5 AI Score

0.002 EPSS

2013-07-03 01:54 PM

CVE-2013-0481

The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception.

6.6 AI Score

0.003 EPSS

2013-07-03 01:54 PM

CVE-2013-0539

An unspecified third-party component in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 uses short session ID values, which makes it easier for remote attackers to hijack sessions, and consequently obtain sensitive information, via a brute-force attack.

6.5 AI Score

0.003 EPSS

2013-07-03 01:54 PM

CVE-2013-0558

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive information about application implementation via unspecified vectors.

6.1 AI Score

0.003 EPSS

2013-07-03 01:54 PM

CVE-2014-0912

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072.

5.3 CVSS

5.5 AI Score

0.001 EPSS

2018-04-20 09:29 PM

CVE-2014-6199

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.

6.6 AI Score

0.002 EPSS

2015-01-10 02:59 AM

CVE-2017-1548

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.

5.3 CVSS

5.2 AI Score

0.002 EPSS

2017-12-11 09:29 PM

CVE-2017-1549

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2017-12-11 09:29 PM

CVE-2017-1575

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.

5.5 CVSS

5.7 AI Score

0.0004 EPSS

2018-07-20 04:29 PM

CVE-2017-1632

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2017-12-11 09:29 PM

CVE-2018-1398

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.

5.3 CVSS

5.1 AI Score

0.002 EPSS

2018-07-20 04:29 PM

CVE-2018-1563

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2018-07-20 04:29 PM

CVE-2019-4280

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.

5.3 CVSS

4.9 AI Score

0.001 EPSS

2019-09-30 04:15 PM

CVE-2019-4423

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2019-09-30 04:15 PM

CVE-2020-4564

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2020-10-20 03:15 PM

CVE-2021-20484

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-09-23 05:15 PM

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the sys...

5.3 CVSS

4.9 AI Score

0.001 EPSS

2022-08-16 07:15 PM