Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2021-20484

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 23 September 2021

What is CVE-2021-20484?

IBM Sterling File Gateway versions 2.2.0.0 to 6.1.0.3 are affected by a cross-site scripting vulnerability that enables an attacker to inject arbitrary JavaScript code into the Web UI. This flaw can be exploited to manipulate the application's behavior, potentially allowing for the disclosure of user credentials in a trusted session. The vulnerability underscores the importance of input validation and user input sanitization to prevent unauthorized script execution.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.1.0.3

References

https://www.ibm.com/support/pages/node/6491647

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/197666

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2021
Vulnerability Reserved
Dec 17, 2020