Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sterling_file_gateway
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-20 | CVE-2017-1575 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. | Sterling_file_gateway | 5.5 | ||
| 2018-07-20 | CVE-2017-1544 | IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. | Sterling_file_gateway | 7.8 | ||
| 2017-12-11 | CVE-2017-1550 | IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. | Sterling_file_gateway | 6.5 | ||
| 2017-12-11 | CVE-2017-1632 | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | Sterling_file_gateway | 5.4 | ||
| 2017-12-11 | CVE-2017-1549 | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | Sterling_file_gateway | 5.4 | ||
| 2017-12-11 | CVE-2017-1548 | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | Sterling_file_gateway | 5.3 | ||
| 2017-12-07 | CVE-2017-1497 | IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | Sterling_file_gateway | 3.7 | ||
| 2017-12-07 | CVE-2017-1487 | IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. | Sterling_file_gateway | 6.5 | ||
| 2017-08-02 | CVE-2015-0194 | XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | Sterling_b2b_integrator, Sterling_file_gateway | 6.5 | ||
| 2015-01-10 | CVE-2014-6199 | The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. | Sterling_b2b_integrator, Sterling_file_gateway | N/A |