Sterling File Gateway@* Security Vulnerabilities and Issues — Sterling File Gateway@* CVE List

Lucene search

IbmSterling File Gateway*

34 matches found

CVE•added 2019/09/16 7:15 p.m.•126 views

CVE-2019-4147

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

7.2CVSS7.1AI score0.00413EPSS

CVE•added 2025/01/27 4:15 p.m.•84 views

CVE-2023-47159

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.

4.3CVSS6.5AI score0.00037EPSS

CVE•added 2025/01/27 4:15 p.m.•67 views

CVE-2023-52292

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within ...

6.4CVSS6.1AI score0.00023EPSS

CVE•added 2022/08/16 7:15 p.m.•64 views

CVE-2021-39086

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the sys...

5.3CVSS4.9AI score0.0005EPSS

CVE•added 2018/07/20 4:29 p.m.•59 views

CVE-2018-1563

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

5.4CVSS5.1AI score0.02417EPSS

CVE•added 2025/01/27 4:15 p.m.•53 views

CVE-2024-22316

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.

4.3CVSS6.6AI score0.00037EPSS

CVE•added 2019/09/30 4:15 p.m.•48 views

CVE-2019-4280

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503.

5.3CVSS4.9AI score0.00133EPSS

CVE•added 2024/04/12 1:15 p.m.•45 views

CVE-2023-47714

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

5.4CVSS6AI score0.00052EPSS

CVE•added 2019/09/30 4:15 p.m.•41 views

CVE-2019-4423

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.

5.3CVSS5.2AI score0.00533EPSS

CVE•added 2018/07/20 4:29 p.m.•40 views

CVE-2017-1575

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.

5.5CVSS5.7AI score0.00023EPSS

CVE•added 2025/03/10 4:15 p.m.•40 views

CVE-2024-47109

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

5.3CVSS6.8AI score0.00049EPSS

CVE•added 2021/10/07 6:15 p.m.•39 views

CVE-2021-20489

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790.

8.8CVSS8.4AI score0.00094EPSS

CVE•added 2020/05/14 4:15 p.m.•38 views

CVE-2020-4259

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.

6.5CVSS6.1AI score0.00102EPSS

CVE•added 2020/05/14 4:15 p.m.•38 views

CVE-2020-4299

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.

4.3CVSS4.2AI score0.00077EPSS

CVE•added 2021/10/08 6:15 p.m.•38 views

CVE-2020-4654

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.

6.5CVSS6AI score0.00312EPSS

CVE•added 2018/07/20 4:29 p.m.•37 views

CVE-2017-1544

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.

7.8CVSS7AI score0.00052EPSS

CVE•added 2018/07/20 4:29 p.m.•37 views

CVE-2018-1398

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.

5.3CVSS5.1AI score0.0021EPSS

CVE•added 2020/11/16 5:15 p.m.•37 views

CVE-2020-4665

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The coo...

4.3CVSS4.1AI score0.00172EPSS

CVE•added 2020/11/16 5:15 p.m.•36 views

CVE-2020-4647

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

8.8CVSS8.8AI score0.00372EPSS

CVE•added 2020/11/16 5:15 p.m.•36 views

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The coo...

4.3CVSS4.1AI score0.00172EPSS

CVE•added 2020/10/20 3:15 p.m.•35 views

CVE-2020-4564

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le...

5.4CVSS5.2AI score0.00259EPSS

CVE•added 2021/09/23 5:15 p.m.•34 views

CVE-2021-20484

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2018/07/20 4:29 p.m.•33 views

CVE-2018-1470

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688.

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2020/11/16 5:15 p.m.•32 views

CVE-2020-4476

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 18177...

7.5CVSS7AI score0.00227EPSS

CVE•added 2021/10/07 6:15 p.m.•32 views

CVE-2021-20473

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

6.5CVSS6.2AI score0.00089EPSS

CVE•added 2021/10/07 6:15 p.m.•32 views

CVE-2021-20481

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.1CVSS5.8AI score0.00214EPSS

CVE•added 2021/10/07 6:15 p.m.•32 views

CVE-2021-20552

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

4.3CVSS4.1AI score0.00107EPSS

CVE•added 2020/12/16 9:15 p.m.•29 views

CVE-2020-4658

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.1CVSS5.8AI score0.00188EPSS

CVE•added 2021/09/23 5:15 p.m.•29 views

CVE-2021-20485

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

4.3CVSS4.1AI score0.00107EPSS

CVE•added 2021/09/23 5:15 p.m.•28 views

CVE-2021-20563

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-2827

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

4.3CVSS6.1AI score0.00027EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-3630

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI t...

6.4CVSS6.1AI score0.00029EPSS

CVE•added 2025/07/08 3:15 p.m.•5 views

CVE-2025-2793

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus a...

5.4CVSS6.3AI score0.00026EPSS

CVE•added 5 days ago•2 views

CVE-2025-33014

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the vict...

5.4CVSS6.1AI score0.00028EPSS