Remote File Upload Vulnerability in IBM Sterling File Gateway
CVE-2021-20584

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 7 October 2021

Summary

IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 are exposed to a vulnerability that enables a remote attacker to upload arbitrary files due to inadequate access controls. This flaw poses significant risks by allowing unauthorized users to potentially execute malicious scripts or upload harmful files, leading to further compromise of the system. Enhanced security measures and timely updates are essential to mitigate this vulnerability.

Affected Version(s)

Sterling File Gateway 2.2.0.0

Sterling File Gateway 6.0.1.0

Sterling File Gateway 6.0.0.0

References

https://www.ibm.com/support/pages/node/6496751

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199397

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 7, 2021
Vulnerability Reserved
Dec 17, 2020