Vulnerabilities > IBM > Sterling File Gateway > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-01-27 | CVE-2023-47159 | Response Discrepancy Information Exposure vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses. | network, low complexity, ibm, CWE-204, 4.3 |
| 2025-01-27 | CVE-2023-52292 | Cross-site Scripting vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. | network, low complexity, ibm, CWE-79, 5.4 |
| 2025-01-27 | CVE-2024-22316 | Improper Access Control vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls. | network, low complexity, ibm, CWE-284, 4.3 |
| 2024-04-12 | CVE-2023-47714 | Unspecified vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. | network, low complexity, ibm, 5.4 |
| 2022-08-16 | CVE-2021-39086 | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network, low complexity, ibm, CWE-209, 5.3 |
| 2021-10-08 | CVE-2020-4654 | Unspecified vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. | network, low complexity, ibm, 6.5 |
| 2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | network, low complexity, ibm, CWE-613, 6.5 |
| 2021-10-07 | CVE-2021-20481 | Cross-site Scripting vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. | network, low complexity, ibm, CWE-79, 6.1 |
| 2021-10-07 | CVE-2021-20552 | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | network, low complexity, ibm, CWE-209, 4.3 |
| 2021-09-23 | CVE-2021-20484 | Cross-site Scripting vulnerability in IBM Sterling File Gateway | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. | network, low complexity, ibm, CWE-79, 5.4 |