CVE-2024-47109

EPSS 0.08%
Published 10.03.2025 16:01:42
Last modified 25.07.2025 18:11:23
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Sterling File Gateway Version >= 6.0.0.0 < 6.1.2.7

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Ibm ≫ Sterling File Gateway Version >= 6.2.0.0 < 6.2.0.4

   Ibm ≫ Aix Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.232

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@us.ibm.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.ibm.com/support/pages/node/7185259

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47109

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47109

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47109

EUVD