Server Path Disclosure in IBM Sterling File Gateway Product
CVE-2024-47109

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Sterling File Gateway
Vendor: CVE Published:; 10 March 2025

Summary

A security issue has been identified in IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.0.3 that enables unauthorized disclosure of the server's installation path. This vulnerability could potentially allow attackers to gather sensitive information which may facilitate further attacks against the affected system. Proper configuration and security measures should be implemented to mitigate associated risks.

Affected Version(s)

Sterling File Gateway 6.0.0.0 <= 6.1.2.6

Sterling File Gateway 6.2.0.0 <= 6.2.0.3

References

https://www.ibm.com/support/pages/node/7185259

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Sep 18, 2024