CVE-2024-22316 — Incorrect Authorization in IBM Sterling File Gateway

CWE-863 — Incorrect Authorization CWE-284 — Improper Access Control3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 74.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling File Gateway

Timeline

PublishedJan 27

Description

IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_file_gateway6.0.0.0 — 6.1.2.5+1

▶NVDibm/sterling_file_gateway6.0.0.0 — 6.1.2.5+1

🔴Vulnerability Details

CVEList

IBM Sterling File Gateway improper access control↗2025-01-27

▶

GHSA

GHSA-p5mg-83xj-vfq6: IBM Sterling File Gateway 6↗2025-01-27

▶