Description
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS breakdown
CVSS 3.0
Integrity
Low
Privileges Required
Low
Availability
Low
Confidentiality
Low
Attack Vector
Network
Attack Complexity
Low
User Interaction
None
Scope
Unchanged
RC
Changed
E
Unchanged
RL
O
Affected products
- ibm / sterling_file_gateway2.2.0.0 – 2.2.0.0
- ibm / sterling_file_gateway6.0.3.2 – 6.0.3.2
- ibm / sterling_file_gateway2.2.6.5 – 2.2.6.5
- ibm / sterling_file_gateway6.0.0.0 – 6.0.0.0