CVE-2021-20375

Description

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567.

CVSS breakdown

CVSS 3.0

Scope

Unchanged

Confidentiality

None

Availability

None

User Interaction

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

Integrity

High

Changed

Unchanged

Affected products

ibm / sterling_file_gateway2.2.0.0 – 2.2.0.0
ibm / sterling_file_gateway6.0.0.0 – 6.0.0.0
ibm / sterling_file_gateway5.2.6.5_3 – 5.2.6.5_3
ibm / sterling_file_gateway6.0.3.4 – 6.0.3.4
ibm / sterling_file_gateway6.1.0.0 – 6.1.0.0
ibm / sterling_file_gateway6.1.0.1 – 6.1.0.1

References

MISChttps://www.ibm.com/support/pages/node/6496803
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/195567