Sign-up

ID

VAR-201712-0492


CVE

CVE-2017-1487


TITLE

IBM Sterling File Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010934

DESCRIPTION

IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. Vendors have confirmed this vulnerability IBM X-Force ID: 128626 It is released as.Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet

Trust: 1.98

sources: NVD: CVE-2017-1487 // JVNDB: JVNDB-2017-010934 // BID: 102036 // VULHUB: VHN-105635

AFFECTED PRODUCTS

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 2.7

sources: BID: 102036 // JVNDB: JVNDB-2017-010934 // CNNVD: CNNVD-201712-104 // NVD: CVE-2017-1487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1487
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1487
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201712-104
value: MEDIUM

Trust: 0.6

VULHUB: VHN-105635
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-1487
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105635
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1487
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105635 // JVNDB: JVNDB-2017-010934 // CNNVD: CNNVD-201712-104 // NVD: CVE-2017-1487

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-105635 // JVNDB: JVNDB-2017-010934 // NVD: CVE-2017-1487

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-104

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201712-104

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010934

PATCH
title:2010552url:http://www-01.ibm.com/support/docview.wss?uid=swg22010552
Trust: 0.8
title:IBM Sterling File Gateway Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76928
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010934 // 
            
            
            
            CNNVD: CNNVD-201712-104

EXTERNAL IDS
db:NVDid:CVE-2017-1487
Trust: 2.8
db:BIDid:102036
Trust: 2.0
db:JVNDBid:JVNDB-2017-010934
Trust: 0.8
db:CNNVDid:CNNVD-201712-104
Trust: 0.7
db:VULHUBid:VHN-105635
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105635 // 
            
            
            
            BID: 102036 // 
            
            
            
            JVNDB: JVNDB-2017-010934 // 
            
            
            
            CNNVD: CNNVD-201712-104 // 
            
            
            
            NVD: CVE-2017-1487

REFERENCES
url:http://www.securityfocus.com/bid/102036
Trust: 1.7
url:http://www.ibm.com/support/docview.wss?uid=swg22010552
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/128626
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1487
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-1487
Trust: 0.8
url:http://www-03.ibm.com/software/products/us/en/file-gateway/
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg22010552
Trust: 0.3
sources:
            
            
            VULHUB: VHN-105635 // 
            
            
            
            BID: 102036 // 
            
            
            
            JVNDB: JVNDB-2017-010934 // 
            
            
            
            CNNVD: CNNVD-201712-104 // 
            
            
            
            NVD: CVE-2017-1487

CREDITS
IBM
Trust: 0.9
sources:
            
            
            BID: 102036 // 
            
            
            
            CNNVD: CNNVD-201712-104

SOURCES
db:VULHUBid:VHN-105635
db:BIDid:102036
db:JVNDBid:JVNDB-2017-010934
db:CNNVDid:CNNVD-201712-104
db:NVDid:CVE-2017-1487

LAST UPDATE DATE
2024-11-23T22:00:48.040000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-105635date:2017-12-18T00:00:00
db:BIDid:102036date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010934date:2017-12-27T00:00:00
db:CNNVDid:CNNVD-201712-104date:2017-12-07T00:00:00
db:NVDid:CVE-2017-1487date:2024-11-21T03:21:57.390

SOURCES RELEASE DATE
db:VULHUBid:VHN-105635date:2017-12-07T00:00:00
db:BIDid:102036date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010934date:2017-12-27T00:00:00
db:CNNVDid:CNNVD-201712-104date:2017-12-07T00:00:00
db:NVDid:CVE-2017-1487date:2017-12-07T15:29:01.157