Description
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
User Interaction
None
Scope
Unchanged
Confidentiality
None
Privileges Required
Low
Availability
None
Attack Complexity
Low
Integrity
High
RC
Changed
RL
O
E
Unchanged
Affected products
- ibm / sterling_file_gateway2.2.0.0 – 2.2.0.0
- ibm / sterling_file_gateway6.0.3.1 – 6.0.3.1