Cross-Site Scripting Vulnerability in IBM Sterling File Gateway
CVE-2021-20561

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 October 2021

Summary

IBM Sterling File Gateway, versions 2.2.0.0 through 6.1.1.0, is susceptible to a cross-site scripting issue. This flaw allows an attacker to inject arbitrary JavaScript into the web application's user interface. As a result, this could alter the application's intended behavior, potentially compromising user credentials during a trusted session. This vulnerability emphasizes the importance of securing web applications against XSS attacks to protect sensitive user information.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.1.0

Sterling File Gateway 6.0.0.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.