Ibm

Sterling File Gateway

85 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2017-1549

  • EPSS 0.29%
  • Veröffentlicht 11.12.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus...

5.3

CVE-2017-1548

  • EPSS 0.5%
  • Veröffentlicht 11.12.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131...

4.3

CVE-2017-1497

  • EPSS 0.19%
  • Veröffentlicht 07.12.2017 15:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695.

6.5

CVE-2017-1487

  • EPSS 0.24%
  • Veröffentlicht 07.12.2017 15:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.

6.5

CVE-2015-0194

  • EPSS 0.19%
  • Veröffentlicht 02.08.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

5

CVE-2014-6199

  • EPSS 1.88%
  • Veröffentlicht 10.01.2015 02:59:27
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.

4.3

CVE-2013-5413

  • EPSS 0.27%
  • Veröffentlicht 21.12.2013 14:22:57
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

4.3

CVE-2013-5411

  • EPSS 0.25%
  • Veröffentlicht 21.12.2013 14:22:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.

6.5

CVE-2013-5409

  • EPSS 0.31%
  • Veröffentlicht 21.12.2013 14:22:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

4.9

CVE-2013-5407

  • EPSS 0.15%
  • Veröffentlicht 21.12.2013 14:22:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, relat...