Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2020-4658

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
16 December 2020

Summary

IBM Sterling File Gateway versions 2.2.0.0 through 6.0.3.2 are susceptible to cross-site scripting, which allows attackers to inject arbitrary JavaScript code into the web interface. This can alter the intended functionality of the application and potentially lead to the disclosure of user credentials during a trusted session, posing significant security risks. Immediate action to mitigate this flaw is recommended.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.3.2

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.