Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2021-20561

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 7 October 2021

What is CVE-2021-20561?

IBM Sterling File Gateway, versions 2.2.0.0 through 6.1.1.0, is susceptible to a cross-site scripting issue. This flaw allows an attacker to inject arbitrary JavaScript into the web application's user interface. As a result, this could alter the application's intended behavior, potentially compromising user credentials during a trusted session. This vulnerability emphasizes the importance of securing web applications against XSS attacks to protect sensitive user information.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.1.0

Sterling File Gateway 6.0.0.0

References

https://www.ibm.com/support/pages/node/6496759

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199230

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2021
Vulnerability Reserved
Dec 17, 2020