Stored Cross-Site Scripting in IBM Sterling File Gateway
CVE-2023-52292

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 27 January 2025

Summary

IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.5 and 6.2.0.0 to 6.2.0.3 are impacted by a stored cross-site scripting vulnerability. This allows attackers to inject malicious JavaScript into the Web UI, which can manipulate the page's behavior and may facilitate the disclosure of user credentials during a trusted session. Such vulnerabilities can increase the risk of session hijacking and other malicious activities within the application.

Affected Version(s)

Sterling File Gateway 6.0.0.0 <= 6.1.2.5

Sterling File Gateway 6.2.0.0 <= 6.2.0.3

References

https://www.ibm.com/support/pages/node/7176079

vendor-advisory

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 31, 2023