Server Path Disclosure in IBM Sterling File Gateway Product
CVE-2024-47109
5.3MEDIUM
Summary
A security issue has been identified in IBM Sterling File Gateway versions 6.0.0.0 to 6.1.2.6 and 6.2.0.0 to 6.2.0.3 that enables unauthorized disclosure of the server's installation path. This vulnerability could potentially allow attackers to gather sensitive information which may facilitate further attacks against the affected system. Proper configuration and security measures should be implemented to mitigate associated risks.
Affected Version(s)
Sterling File Gateway 6.0.0.0 <= 6.1.2.6
Sterling File Gateway 6.2.0.0 <= 6.2.0.3
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved