Description
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.
CVSS breakdown
CVSS 3.0
Integrity
Low
Attack Complexity
Low
Privileges Required
Low
Attack Vector
Network
User Interaction
None
Availability
Low
Confidentiality
Low
Scope
Unchanged
RL
O
E
Unchanged
RC
Changed
Affected products
- ibm / sterling_file_gateway2.2.0.0 – 2.2.0.0
- ibm / sterling_file_gateway6.0.0.0 – 6.0.0.0
- ibm / sterling_file_gateway5.2.6.5_3 – 5.2.6.5_3
- ibm / sterling_file_gateway6.0.3.4 – 6.0.3.4
- ibm / sterling_file_gateway6.1.0.0 – 6.1.0.0
- ibm / sterling_file_gateway6.1.0.1 – 6.1.0.1