Server Path Disclosure in IBM Sterling File Gateway Product
CVE-2024-47109

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
10 March 2025

Summary

A security issue has been identified in IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.0.3 that enables unauthorized disclosure of the server's installation path. This vulnerability could potentially allow attackers to gather sensitive information which may facilitate further attacks against the affected system. Proper configuration and security measures should be implemented to mitigate associated risks.

Affected Version(s)

Sterling File Gateway 6.0.0.0 <= 6.1.2.6

Sterling File Gateway 6.2.0.0 <= 6.2.0.3

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.