CVE-2021-20473Insufficient Session Expiration in IBM Sterling File Gateway

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 74.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling File Gateway
Timeline
PublishedOct 7
Latest updateMay 24

Description

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_file_gateway2.2.0.05.2.6.5_3+2
CVEListV5ibm/sterling_file_gateway6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-332g-g9j2-2jvj: IBM Sterling File Gateway User Interface 22022-05-24
CVEList
CVE-2021-20473: IBM Sterling File Gateway User Interface 22021-10-07