Information disclosure security vulnerability affects IBM Sterling Filegateway.
CVEID: CVE-2018-1470 DESCRIPTION: IBM Sterling File Gateway could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140688> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-1544 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information.
CVSS Base Score: 2.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130812> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-1575 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132032> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Sterling File Gateway 2.2.0 - 2.2.6
PRODUCT & Version
|
APAR
|
Remediation/Fix
—|—|—
IBM Sterling File Gateway 2.2.0 - 2.2.6
| IIT24279, IT25642, IT24705 |
Apply Fix Pack 5020603_6 available on Fix Central
None