Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2021-20481

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 7 October 2021

Summary

The IBM Sterling File Gateway is subjected to a cross-site scripting vulnerability that affects versions between 2.2.0.0 and 6.1.1.0. This flaw allows malicious users to inject arbitrary JavaScript code into the Web UI, potentially compromising the integrity of information exchanged and leading to credential theft in trusted sessions. Organizations utilizing these affected versions are urged to implement necessary measures to mitigate this risk and shield their sensitive data.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.1.0

Sterling File Gateway 6.0.0.0

References

https://www.ibm.com/support/pages/node/6496781

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/197503

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 7, 2021
Vulnerability Reserved
Dec 17, 2020