ID

VAR-201712-0471


CVE

CVE-2017-1497


TITLE

IBM Sterling File Gateway vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010935

DESCRIPTION

IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to, provided they know the directory location of the file. IBM X-Force ID: 128695. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 128695. Information may be obtained. An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information, to access files outside of the restricted directory, or to obtain sensitive information and perform other attacks. IBM Sterling File Gateway consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.

Trust: 1.98

sources: NVD: CVE-2017-1497 // JVNDB: JVNDB-2017-010935 // BID: 102187 // VULHUB: VHN-105745

AFFECTED PRODUCTS

vendor: ibm, model: sterling file gateway, scope: eq, version: 2.2

Trust: 2.7

sources: BID: 102187 // JVNDB: JVNDB-2017-010935 // CNNVD: CNNVD-201712-219 // NVD: CVE-2017-1497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1497
value: LOW

Trust: 1.0

NVD: CVE-2017-1497
value: LOW

Trust: 0.8

CNNVD: CNNVD-201712-219
value: MEDIUM

Trust: 0.6

VULHUB: VHN-105745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-1497
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105745
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1497
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105745 // JVNDB: JVNDB-2017-010935 // CNNVD: CNNVD-201712-219 // NVD: CVE-2017-1497

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-105745 // JVNDB: JVNDB-2017-010935 // NVD: CVE-2017-1497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-219

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010935

PATCH

title: 2010738
url: http://www-01.ibm.com/support/docview.wss?uid=swg22010738

Trust: 0.8

title: IBM Sterling File Gateway Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76998

Trust: 0.6

sources: JVNDB: JVNDB-2017-010935 // CNNVD: CNNVD-201712-219

EXTERNAL IDS

db: NVD, id: CVE-2017-1497

Trust: 2.8

db: BID, id: 102187

Trust: 1.4

db: JVNDB, id: JVNDB-2017-010935

Trust: 0.8

db: CNNVD, id: CNNVD-201712-219

Trust: 0.7

db: VULHUB, id: VHN-105745

Trust: 0.1

sources: VULHUB: VHN-105745 // BID: 102187 // JVNDB: JVNDB-2017-010935 // CNNVD: CNNVD-201712-219 // NVD: CVE-2017-1497

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg22010738

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/128695

Trust: 1.7

url:http://www.securityfocus.com/bid/102187

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1497

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1497

Trust: 0.8

url:http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22010738

Trust: 0.3

sources: VULHUB: VHN-105745 // BID: 102187 // JVNDB: JVNDB-2017-010935 // CNNVD: CNNVD-201712-219 // NVD: CVE-2017-1497

CREDITS

IBM and Eduardo Naranjo Pessota.

Trust: 0.3

sources: BID: 102187

SOURCES

db: VULHUB, id: VHN-105745
db: BID, id: 102187
db: JVNDB, id: JVNDB-2017-010935
db: CNNVD, id: CNNVD-201712-219
db: NVD, id: CVE-2017-1497

LAST UPDATE DATE

2024-11-23T22:00:48.070000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-105745, date: 2017-12-18T00:00:00
db: BID, id: 102187, date: 2017-12-19T22:01:00
db: JVNDB, id: JVNDB-2017-010935, date: 2017-12-27T00:00:00
db: CNNVD, id: CNNVD-201712-219, date: 2017-12-08T00:00:00
db: NVD, id: CVE-2017-1497, date: 2024-11-21T03:21:58.603

SOURCES RELEASE DATE

db: VULHUB, id: VHN-105745, date: 2017-12-07T00:00:00
db: BID, id: 102187, date: 2017-11-20T00:00:00
db: JVNDB, id: JVNDB-2017-010935, date: 2017-12-27T00:00:00
db: CNNVD, id: CNNVD-201712-219, date: 2017-12-08T00:00:00
db: NVD, id: CVE-2017-1497, date: 2017-12-07T15:29:01.237