CVE-2020-4259Incorrect Default Permissions in IBM Sterling File Gateway

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 71.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling File Gateway
Timeline
PublishedMay 14
Latest updateMay 24

Description

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_file_gateway2.2.0.02.2.6.5_1+1
CVEListV5ibm/sterling_file_gateway2.2.0.0, 6.0.3.1+1

🔴Vulnerability Details

2
GHSA
GHSA-f7gq-m8w9-39fh: IBM Sterling File Gateway 22022-05-24
CVEList
CVE-2020-4259: IBM Sterling File Gateway 22020-05-14
CVE-2020-4259 — Incorrect Default Permissions in IBM | cvebase