Improper Access Control in IBM Sterling File Gateway Allows Message Manipulation
CVE-2021-20375

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 7 October 2021

What is CVE-2021-20375?

The vulnerability in IBM Sterling File Gateway allows authenticated users to exploit improper access controls, enabling them to intercept and manipulate messages intended for other users. This lapse in security can potentially compromise sensitive information and disrupt communication within the system. Organizations using affected versions should consider immediate remediation steps to safeguard their data integrity and maintain trust in their communications.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.0.0

Sterling File Gateway 5.2.6.5_3

References

https://www.ibm.com/support/pages/node/6496803

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/195567

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2021
Vulnerability Reserved
Dec 17, 2020