CVE-2017-1575Use of a Broken or Risky Cryptographic Algorithm in IBM Sterling File Gateway

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
5.5MEDIUMNVD
CNA5.1
EPSS
0.0%
top 93.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling File Gateway
Timeline
PublishedJul 20
Latest updateMay 13

Description

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_file_gateway2.2.02.2.6
CVEListV5ibm/sterling_file_gateway2.2.0, 2.2.6+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-92cp-f5fr-233x: IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 22022-05-13
CVEList
CVE-2017-1575: IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 22018-07-20
CVE-2017-1575 — IBM Sterling File Gateway vulnerability | cvebase