Vulnerabilities > IBM > Sterling File Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-4665 | Unspecified vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. network ibm | 4.3 |
| 2020-11-16 | CVE-2020-4647 | SQL Injection vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. | 6.5 |
| 2020-11-16 | CVE-2020-4476 | Unspecified vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2020-10-20 | CVE-2020-4564 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. | 3.5 |
| 2020-05-14 | CVE-2020-4299 | Information Exposure vulnerability in IBM Sterling File Gateway IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. | 4.0 |
| 2020-05-14 | CVE-2020-4259 | Incorrect Default Permissions vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. | 4.0 |
| 2019-09-30 | CVE-2019-4423 | Path Traversal vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2019-09-30 | CVE-2019-4280 | Cleartext Transmission of Sensitive Information vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. | 5.3 |
| 2019-09-16 | CVE-2019-4147 | SQL Injection vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. | 7.2 |
| 2018-07-20 | CVE-2018-1563 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. | 3.5 |