ID

VAR-201712-0246


CVE

CVE-2017-1549


TITLE

IBM Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-011058

DESCRIPTION

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 131289. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM Sterling File Gateway consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. The vulnerability stems from the fact that the program does not filter input submitted by users.

Trust: 1.98

sources: NVD: CVE-2017-1549 // JVNDB: JVNDB-2017-011058 // BID: 102037 // VULHUB: VHN-106317

AFFECTED PRODUCTS

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.7

sources: BID: 102037 // JVNDB: JVNDB-2017-011058 // CNNVD: CNNVD-201712-103 // NVD: CVE-2017-1549

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1549
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1549
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201712-103
value: LOW

Trust: 0.6

VULHUB: VHN-106317
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-1549
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106317
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1549
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106317 // JVNDB: JVNDB-2017-011058 // CNNVD: CNNVD-201712-103 // NVD: CVE-2017-1549

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-106317 // JVNDB: JVNDB-2017-011058 // NVD: CVE-2017-1549

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-103

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201712-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011058

PATCH

title: 2010759, url: http://www-01.ibm.com/support/docview.wss?uid=swg22010759

Trust: 0.8

title: IBM Sterling File Gateway Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76927

Trust: 0.6

sources: JVNDB: JVNDB-2017-011058 // CNNVD: CNNVD-201712-103

EXTERNAL IDS

db: NVD, id: CVE-2017-1549

Trust: 2.8

db: BID, id: 102037

Trust: 2.0

db: JVNDB, id: JVNDB-2017-011058

Trust: 0.8

db: CNNVD, id: CNNVD-201712-103

Trust: 0.7

db: VULHUB, id: VHN-106317

Trust: 0.1

sources: VULHUB: VHN-106317 // BID: 102037 // JVNDB: JVNDB-2017-011058 // CNNVD: CNNVD-201712-103 // NVD: CVE-2017-1549

REFERENCES

url:http://www.securityfocus.com/bid/102037

Trust: 1.7

url:http://www.ibm.com/support/docview.wss?uid=swg22010759

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/131289

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1549

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1549

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22010759

Trust: 0.3

sources: VULHUB: VHN-106317 // BID: 102037 // JVNDB: JVNDB-2017-011058 // CNNVD: CNNVD-201712-103 // NVD: CVE-2017-1549

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102037

SOURCES

db: VULHUB, id: VHN-106317
db: BID, id: 102037
db: JVNDB, id: JVNDB-2017-011058
db: CNNVD, id: CNNVD-201712-103
db: NVD, id: CVE-2017-1549

LAST UPDATE DATE

2024-11-23T22:22:20.687000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-106317, date: 2017-12-20T00:00:00
db: BID, id: 102037, date: 2017-12-19T22:01:00
db: JVNDB, id: JVNDB-2017-011058, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201712-103, date: 2017-12-07T00:00:00
db: NVD, id: CVE-2017-1549, date: 2024-11-21T03:22:03.510

SOURCES RELEASE DATE

db: VULHUB, id: VHN-106317, date: 2017-12-11T00:00:00
db: BID, id: 102037, date: 2017-11-20T00:00:00
db: JVNDB, id: JVNDB-2017-011058, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201712-103, date: 2017-12-07T00:00:00
db: NVD, id: CVE-2017-1549, date: 2017-12-11T21:29:00.453