Vulnerabilities > IBM > Sterling File Gateway

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2023-47159 Response Discrepancy Information Exposure vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.
network
low complexity
ibm CWE-204
4.3
2025-01-27 CVE-2023-52292 Cross-site Scripting vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2025-01-27 CVE-2024-22316 Improper Access Control vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
network
low complexity
ibm CWE-284
4.3
2024-04-12 CVE-2023-47714 Unspecified vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
2022-08-16 CVE-2021-39086 Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
5.3
2021-10-08 CVE-2020-4654 Unspecified vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control.
network
low complexity
ibm
6.5
2021-10-07 CVE-2021-20473 Insufficient Session Expiration vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2021-10-07 CVE-2021-20481 Cross-site Scripting vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2021-10-07 CVE-2021-20489 Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2021-10-07 CVE-2021-20552 Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3