ID

VAR-201712-0707


CVE

CVE-2017-1632


TITLE

IBM Sterling File Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2017-011288

DESCRIPTION

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. The vendor has released this vulnerability as IBM X-Force ID: 133178. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.

Trust: 1.98

sources: NVD: CVE-2017-1632 // JVNDB: JVNDB-2017-011288 // BID: 102191 // VULHUB: VHN-107230

AFFECTED PRODUCTS

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.2

Trust: 2.7

sources: BID: 102191 // JVNDB: JVNDB-2017-011288 // CNNVD: CNNVD-201712-330 // NVD: CVE-2017-1632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-1632
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-1632
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201712-330
value: LOW

Trust: 0.6

VULHUB: VHN-107230
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-1632
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-107230
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-1632
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-107230 // JVNDB: JVNDB-2017-011288 // CNNVD: CNNVD-201712-330 // NVD: CVE-2017-1632

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-107230 // JVNDB: JVNDB-2017-011288 // NVD: CVE-2017-1632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-330

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201712-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011288

PATCH

title: 2010549 // url: http://www-01.ibm.com/support/docview.wss?uid=swg22010549

Trust: 0.8

title: IBM Sterling File Gateway Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77047

Trust: 0.6

sources: JVNDB: JVNDB-2017-011288 // CNNVD: CNNVD-201712-330

EXTERNAL IDS

db: NVD // id: CVE-2017-1632

Trust: 2.8

db: BID // id: 102191

Trust: 1.4

db: JVNDB // id: JVNDB-2017-011288

Trust: 0.8

db: CNNVD // id: CNNVD-201712-330

Trust: 0.7

db: VULHUB // id: VHN-107230

Trust: 0.1

sources: VULHUB: VHN-107230 // BID: 102191 // JVNDB: JVNDB-2017-011288 // CNNVD: CNNVD-201712-330 // NVD: CVE-2017-1632

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg22010549

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/133178

Trust: 1.7

url:http://www.securityfocus.com/bid/102191

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1632

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-1632

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-03.ibm.com/software/products/us/en/file-gateway/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg22010549

Trust: 0.3

sources: VULHUB: VHN-107230 // BID: 102191 // JVNDB: JVNDB-2017-011288 // CNNVD: CNNVD-201712-330 // NVD: CVE-2017-1632

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102191

SOURCES

db: VULHUB // id: VHN-107230
db: BID // id: 102191
db: JVNDB // id: JVNDB-2017-011288
db: CNNVD // id: CNNVD-201712-330
db: NVD // id: CVE-2017-1632

LAST UPDATE DATE

2024-11-23T23:08:52.560000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-107230 // date: 2017-12-26T00:00:00
db: BID // id: 102191 // date: 2017-12-19T22:38:00
db: JVNDB // id: JVNDB-2017-011288 // date: 2018-01-12T00:00:00
db: CNNVD // id: CNNVD-201712-330 // date: 2017-12-12T00:00:00
db: NVD // id: CVE-2017-1632 // date: 2024-11-21T03:22:09.827

SOURCES RELEASE DATE

db: VULHUB // id: VHN-107230 // date: 2017-12-11T00:00:00
db: BID // id: 102191 // date: 2017-12-04T00:00:00
db: JVNDB // id: JVNDB-2017-011288 // date: 2018-01-12T00:00:00
db: CNNVD // id: CNNVD-201712-330 // date: 2017-12-12T00:00:00
db: NVD // id: CVE-2017-1632 // date: 2017-12-11T21:29:00.687