Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sterling_file_gateway
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 73 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-03-10 | CVE-2024-47109 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system. | Sterling_file_gateway | 5.3 | ||
| 2025-06-18 | CVE-2024-54183 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Sterling_b2b_integrator, Sterling_file_gateway | 5.4 | ||
| 2025-06-18 | CVE-2024-54172 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Sterling_b2b_integrator, Sterling_file_gateway | 4.3 | ||
| 2025-06-18 | CVE-2025-1348 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. | Sterling_b2b_integrator, Sterling_file_gateway | 4.0 | ||
| 2025-06-18 | CVE-2025-1349 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Sterling_b2b_integrator, Sterling_file_gateway | 4.8 | ||
| 2024-04-12 | CVE-2023-47714 | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | Sterling_file_gateway | 4.8 | ||
| 2025-01-27 | CVE-2023-47159 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | Sterling_file_gateway | 4.3 | ||
| 2025-01-27 | CVE-2023-52292 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Sterling_file_gateway | 5.4 | ||
| 2025-01-27 | CVE-2024-22316 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | Sterling_file_gateway | 4.3 | ||
| 2020-05-14 | CVE-2020-4259 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638. | Sterling_file_gateway | 6.5 |