ID

VAR-201712-0245


CVE

CVE-2017-1548


TITLE

IBM Sterling File Gateway Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011057

DESCRIPTION

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 131288. Information may be obtained. An attacker can exploit this issue using directory-traversal characters ('../') to read arbitrary files that contain sensitive information, to access files outside of the restricted directory, and to perform other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.

Trust: 1.98

sources: NVD: CVE-2017-1548 // JVNDB: JVNDB-2017-011057 // BID: 102187 // VULHUB: VHN-106306

AFFECTED PRODUCTS

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.7

sources: BID: 102187 // JVNDB: JVNDB-2017-011057 // CNNVD: CNNVD-201712-334 // NVD: CVE-2017-1548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1548
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1548
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201712-334
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-1548
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106306
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1548
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106306 // JVNDB: JVNDB-2017-011057 // CNNVD: CNNVD-201712-334 // NVD: CVE-2017-1548

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-106306 // JVNDB: JVNDB-2017-011057 // NVD: CVE-2017-1548

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-334

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201712-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011057

PATCH

title: 2010738, url: http://www-01.ibm.com/support/docview.wss?uid=swg22010738

Trust: 0.8

title: IBM Sterling File Gateway Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77051

Trust: 0.6

sources: JVNDB: JVNDB-2017-011057 // CNNVD: CNNVD-201712-334

EXTERNAL IDS

db: NVD, id: CVE-2017-1548

Trust: 2.8

db: BID, id: 102187

Trust: 1.4

db: JVNDB, id: JVNDB-2017-011057

Trust: 0.8

db: CNNVD, id: CNNVD-201712-334

Trust: 0.7

db: VULHUB, id: VHN-106306

Trust: 0.1

sources: VULHUB: VHN-106306 // BID: 102187 // JVNDB: JVNDB-2017-011057 // CNNVD: CNNVD-201712-334 // NVD: CVE-2017-1548

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg22010738

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/131288

Trust: 1.7

url:http://www.securityfocus.com/bid/102187

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1548

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1548

Trust: 0.8

url:http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22010738

Trust: 0.3

sources: VULHUB: VHN-106306 // BID: 102187 // JVNDB: JVNDB-2017-011057 // CNNVD: CNNVD-201712-334 // NVD: CVE-2017-1548

CREDITS

IBM and Eduardo Naranjo Pessota.

Trust: 0.3

sources: BID: 102187

SOURCES

db: VULHUB, id: VHN-106306
db: BID, id: 102187
db: JVNDB, id: JVNDB-2017-011057
db: CNNVD, id: CNNVD-201712-334
db: NVD, id: CVE-2017-1548

LAST UPDATE DATE

2024-11-23T22:00:48.100000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-106306, date: 2017-12-20T00:00:00
db: BID, id: 102187, date: 2017-12-19T22:01:00
db: JVNDB, id: JVNDB-2017-011057, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201712-334, date: 2017-12-12T00:00:00
db: NVD, id: CVE-2017-1548, date: 2024-11-21T03:22:03.390

SOURCES RELEASE DATE

db: VULHUB, id: VHN-106306, date: 2017-12-11T00:00:00
db: BID, id: 102187, date: 2017-11-20T00:00:00
db: JVNDB, id: JVNDB-2017-011057, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201712-334, date: 2017-12-12T00:00:00
db: NVD, id: CVE-2017-1548, date: 2017-12-11T21:29:00.407