Sign-up

ID

VAR-201712-0247


CVE

CVE-2017-1550


TITLE

IBM Sterling File Gateway Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-011059

DESCRIPTION

IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290. Vendors have confirmed this vulnerability IBM X-Force ID: 131290 It is released as.Information may be tampered with. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An attacker could exploit this vulnerability to change other users' passwords

Trust: 1.98

sources: NVD: CVE-2017-1550 // JVNDB: JVNDB-2017-011059 // BID: 102184 // VULHUB: VHN-106328

AFFECTED PRODUCTS

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 2.7

sources: BID: 102184 // JVNDB: JVNDB-2017-011059 // CNNVD: CNNVD-201712-333 // NVD: CVE-2017-1550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1550
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201712-333
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106328
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-1550
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106328
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1550
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106328 // JVNDB: JVNDB-2017-011059 // CNNVD: CNNVD-201712-333 // NVD: CVE-2017-1550

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-106328 // JVNDB: JVNDB-2017-011059 // NVD: CVE-2017-1550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-333

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-333

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011059

PATCH
title:2010758url:http://www-01.ibm.com/support/docview.wss?uid=swg22010758
Trust: 0.8
title:IBM Sterling File Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77050
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-011059 // 
            
            
            
            CNNVD: CNNVD-201712-333

EXTERNAL IDS
db:NVDid:CVE-2017-1550
Trust: 2.8
db:BIDid:102184
Trust: 2.0
db:JVNDBid:JVNDB-2017-011059
Trust: 0.8
db:CNNVDid:CNNVD-201712-333
Trust: 0.7
db:VULHUBid:VHN-106328
Trust: 0.1
sources:
            
            
            VULHUB: VHN-106328 // 
            
            
            
            BID: 102184 // 
            
            
            
            JVNDB: JVNDB-2017-011059 // 
            
            
            
            CNNVD: CNNVD-201712-333 // 
            
            
            
            NVD: CVE-2017-1550

REFERENCES
url:http://www.securityfocus.com/bid/102184
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=swg22010758
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/131290
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1550
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-1550
Trust: 0.8
url:http://www-03.ibm.com/software/products/us/en/file-gateway/
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg22010758
Trust: 0.3
sources:
            
            
            VULHUB: VHN-106328 // 
            
            
            
            BID: 102184 // 
            
            
            
            JVNDB: JVNDB-2017-011059 // 
            
            
            
            CNNVD: CNNVD-201712-333 // 
            
            
            
            NVD: CVE-2017-1550

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 102184

SOURCES
db:VULHUBid:VHN-106328
db:BIDid:102184
db:JVNDBid:JVNDB-2017-011059
db:CNNVDid:CNNVD-201712-333
db:NVDid:CVE-2017-1550

LAST UPDATE DATE
2024-11-23T22:34:26.796000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-106328date:2019-10-03T00:00:00
db:BIDid:102184date:2017-12-19T22:38:00
db:JVNDBid:JVNDB-2017-011059date:2018-01-04T00:00:00
db:CNNVDid:CNNVD-201712-333date:2019-10-23T00:00:00
db:NVDid:CVE-2017-1550date:2024-11-21T03:22:03.620

SOURCES RELEASE DATE
db:VULHUBid:VHN-106328date:2017-12-11T00:00:00
db:BIDid:102184date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-011059date:2018-01-04T00:00:00
db:CNNVDid:CNNVD-201712-333date:2017-12-12T00:00:00
db:NVDid:CVE-2017-1550date:2017-12-11T21:29:00.487