Lucene search
IBM10115E290A9565C87E5E79C3CD359688511CB2E154B16479A8643DC656BEA729HistoryNov 13, 2020 - 7:45 p.m.
Security Bulletin: Information Disclosure Vulnerability Affects IBM Sterling File Gateway (CVE-2020-4476)
2020-11-1319:45:00
www.ibm.com
13
ibm sterling file gateway
information disclosure
vulnerability
fix
remote attacker
sensitive information
error message
browser
attack
system
affected products
versions
remediation
apar
ibm sterling b2b integrator
fix central
EPSS
0.003
Percentile
70.5%
Summary
IBM Sterling File Gateway has addressed a information dislcoure vulnerability.
Vulnerability Details
CVEID:CVE-2020-4476
**DESCRIPTION:**IBM Sterling File Gateway could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181778 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling File Gateway | 6.0.0.0 - 6.0.3.2 |
| IBM Sterling File Gateway | 2.2.0.0 - 2.2.6.5_2 |
Remediation/Fixes
| Product & Version | APAR | ** Remediation & Fix** |
|---|---|---|
| 2.2.0.0 - 2.2.6.5_2 | IT32732 | Apply IBM Sterling B2B Integrator version 5.2.6.5_3, 6.0.3.3 or 6.1.0.0 on Fix Central |
| 6.0.0.0 - 6.0.3.2 | IT32732 | Apply IBM Sterling B2B Integrator version 6.0.3.3 or 6.1.0.0 on Fix Central |
Workarounds and Mitigations
None
Related
nvd
nvd
CVE-2020-4476
2020-11-16 17:15:13
cve
cve
CVE-2020-4476
2020-11-16 17:15:13
cvelist
cvelist
CVE-2020-4476
2020-11-16 16:40:33
prion
prion
Information disclosure
2020-11-16 17:15:00
EPSS
0.003
Percentile
70.5%
Related for 10115E290A9565C87E5E79C3CD359688511CB2E154B16479A8643DC656BEA729