Details of VAR-201807-0401

ID

VAR-201807-0401

CVE

CVE-2018-1398

TITLE

IBM Sterling File Gateway Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-008166

DESCRIPTION

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. Vendors have confirmed this vulnerability IBM X-Force ID: 138434 It is released as.Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet

Trust: 1.98

sources: NVD: CVE-2018-1398 // JVNDB: JVNDB-2018-008166 // BID: 104919 // VULHUB: VHN-124093

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0 to 2.2.6	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.5	Trust: 0.3

sources: BID: 104919 // JVNDB: JVNDB-2018-008166 // NVD: CVE-2018-1398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1398
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2018-1398
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-1398
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1695
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-124093
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-1398
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-124093
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1398
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-124093 // JVNDB: JVNDB-2018-008166 // CNNVD: CNNVD-201807-1695 // NVD: CVE-2018-1398 // NVD: CVE-2018-1398

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-124093 // JVNDB: JVNDB-2018-008166 // NVD: CVE-2018-1398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1695

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-1695

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008166

PATCH

title:	0717025	url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10717025	Trust: 0.8
title:	ibm-sterling-cve20181398-info-disc (138434)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/138434	Trust: 0.8
title:	IBM Sterling File Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82536	Trust: 0.6

sources: JVNDB: JVNDB-2018-008166 // CNNVD: CNNVD-201807-1695

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1398	Trust: 2.8
db:	BID	id:	104919	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008166	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1695	Trust: 0.7
db:	VULHUB	id:	VHN-124093	Trust: 0.1

sources: VULHUB: VHN-124093 // BID: 104919 // JVNDB: JVNDB-2018-008166 // CNNVD: CNNVD-201807-1695 // NVD: CVE-2018-1398

REFERENCES

url:	http://www.securityfocus.com/bid/104919	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=ibm10717025	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/138434	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1398	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1398	Trust: 0.8
url:	http://www-03.ibm.com/software/products/us/en/file-gateway/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ibm10717025	Trust: 0.3

sources: VULHUB: VHN-124093 // BID: 104919 // JVNDB: JVNDB-2018-008166 // CNNVD: CNNVD-201807-1695 // NVD: CVE-2018-1398

CREDITS

IBM

Trust: 0.3

sources: BID: 104919

SOURCES

db:	VULHUB	id:	VHN-124093
db:	BID	id:	104919
db:	JVNDB	id:	JVNDB-2018-008166
db:	CNNVD	id:	CNNVD-201807-1695
db:	NVD	id:	CVE-2018-1398

LAST UPDATE DATE

2024-11-23T22:48:41.254000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-124093	date:	2019-10-09T00:00:00
db:	BID	id:	104919	date:	2018-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-008166	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1695	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-1398	date:	2024-11-21T03:59:44.940

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-124093	date:	2018-07-20T00:00:00
db:	BID	id:	104919	date:	2018-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-008166	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1695	date:	2018-07-23T00:00:00
db:	NVD	id:	CVE-2018-1398	date:	2018-07-20T16:29:00.417