Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2020-4658

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 16 December 2020

What is CVE-2020-4658?

IBM Sterling File Gateway versions 2.2.0.0 through 6.0.3.2 are susceptible to cross-site scripting, which allows attackers to inject arbitrary JavaScript code into the web interface. This can alter the intended functionality of the application and potentially lead to the disclosure of user credentials during a trusted session, posing significant security risks. Immediate action to mitigate this flaw is recommended.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.3.2

References

https://www.ibm.com/support/pages/node/6382416

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186095

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2020
Vulnerability Reserved
Dec 30, 2019