Sterling File Gateway Security Vulnerabilities and Issues — Sterling File Gateway CVE List

Lucene search

IbmSterling File Gateway

26 matches found

CVE•added 2025/01/27 4:15 p.m.•84 views

CVE-2023-47159

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.

4.3CVSS6.5AI score0.00037EPSS

CVE•added 2025/01/27 4:15 p.m.•53 views

CVE-2024-22316

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.

4.3CVSS6.6AI score0.00037EPSS

CVE•added 2013/07/03 1:54 p.m.•46 views

CVE-2013-3020

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-0568, CVE-201...

4CVSS5.4AI score0.00179EPSS

CVE•added 2013/07/03 1:54 p.m.•43 views

CVE-2013-0463

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, CVE-201...

4CVSS5.4AI score0.00179EPSS

CVE•added 2013/07/03 1:54 p.m.•42 views

CVE-2013-0568

4CVSS5.4AI score0.00179EPSS

CVE•added 2021/10/07 6:15 p.m.•41 views

CVE-2021-20376

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2013/07/03 1:54 p.m.•40 views

CVE-2013-2985

4CVSS5.4AI score0.00179EPSS

CVE•added 2013/07/02 2:12 p.m.•39 views

CVE-2013-0455

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00236EPSS

CVE•added 2013/07/03 1:54 p.m.•39 views

CVE-2013-0475

4CVSS5.4AI score0.00179EPSS

CVE•added 2013/07/03 1:54 p.m.•39 views

CVE-2013-0567

4CVSS5.4AI score0.00179EPSS

CVE•added 2013/12/21 2:22 p.m.•39 views

CVE-2013-5413

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

4.3CVSS7AI score0.00265EPSS

CVE•added 2013/12/21 2:22 p.m.•38 views

CVE-2013-5411

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.

4.3CVSS6.7AI score0.00246EPSS

CVE•added 2020/05/14 4:15 p.m.•38 views

CVE-2020-4299

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606.

4.3CVSS4.2AI score0.00077EPSS

CVE•added 2013/07/03 1:54 p.m.•37 views

CVE-2013-0479

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename.

4CVSS6.2AI score0.00121EPSS

CVE•added 2013/12/21 2:22 p.m.•37 views

CVE-2013-5407

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.

4.9CVSS5.8AI score0.00154EPSS

CVE•added 2017/12/07 3:29 p.m.•37 views

CVE-2017-1497

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.

4.3CVSS4.4AI score0.00186EPSS

CVE•added 2020/11/16 5:15 p.m.•37 views

CVE-2020-4665

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The coo...

4.3CVSS4.1AI score0.00172EPSS

CVE•added 2020/11/16 5:15 p.m.•36 views

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The coo...

4.3CVSS4.1AI score0.00172EPSS

CVE•added 2021/10/07 6:15 p.m.•35 views

CVE-2021-20372

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518.

4.3CVSS4.3AI score0.00268EPSS

CVE•added 2013/07/03 1:54 p.m.•34 views

CVE-2013-2987

4CVSS5.4AI score0.00179EPSS

CVE•added 2018/07/20 4:29 p.m.•33 views

CVE-2018-1470

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688.

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2013/07/03 1:54 p.m.•32 views

CVE-2013-0456

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path.

4CVSS6.2AI score0.00154EPSS

CVE•added 2021/10/07 6:15 p.m.•32 views

CVE-2021-20552

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

4.3CVSS4.1AI score0.00107EPSS

CVE•added 2021/09/23 5:15 p.m.•29 views

CVE-2021-20485

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

4.3CVSS4.1AI score0.00107EPSS

CVE•added 2021/09/23 5:15 p.m.•28 views

CVE-2021-20563

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenciated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 199234.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-2827

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system.

4.3CVSS6.1AI score0.00027EPSS