Details of VAR-201807-1326

ID

VAR-201807-1326

CVE

CVE-2018-1470

TITLE

IBM Sterling File Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-008159

DESCRIPTION

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. Vendors have confirmed this vulnerability IBM X-Force ID: 140688 It is released as.Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. IBM Sterling B2B Integrator is a set of software integrated with important B2B processes, transactions and relationships from IBM Corporation of the United States. The software supports secure integration of complex B2B processes with diverse partner communities

Trust: 2.07

sources: NVD: CVE-2018-1470 // JVNDB: JVNDB-2018-008159 // BID: 104885 // VULHUB: VHN-124885 // VULMON: CVE-2018-1470

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0 to 2.2.6	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 104885 // JVNDB: JVNDB-2018-008159 // NVD: CVE-2018-1470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1470
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2018-1470
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-1470
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1692
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-124885
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-1470
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-1470
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-124885
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1470
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-124885 // VULMON: CVE-2018-1470 // JVNDB: JVNDB-2018-008159 // CNNVD: CNNVD-201807-1692 // NVD: CVE-2018-1470 // NVD: CVE-2018-1470

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-124885 // JVNDB: JVNDB-2018-008159 // NVD: CVE-2018-1470

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1692

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-1692

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008159

PATCH

title:	0716997	url:	http://www.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.8
title:	ibm-sterling-cve20181470-info-disc (140688)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/140688	Trust: 0.8
title:	IBM Sterling B2B Integrator Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82535	Trust: 0.6

sources: JVNDB: JVNDB-2018-008159 // CNNVD: CNNVD-201807-1692

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1470	Trust: 2.9
db:	BID	id:	104885	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-008159	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1692	Trust: 0.7
db:	VULHUB	id:	VHN-124885	Trust: 0.1
db:	VULMON	id:	CVE-2018-1470	Trust: 0.1

sources: VULHUB: VHN-124885 // VULMON: CVE-2018-1470 // BID: 104885 // JVNDB: JVNDB-2018-008159 // CNNVD: CNNVD-201807-1692 // NVD: CVE-2018-1470

REFERENCES

url:	http://www.securityfocus.com/bid/104885	Trust: 1.8
url:	http://www.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/140688	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1470	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1470	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-124885 // VULMON: CVE-2018-1470 // BID: 104885 // JVNDB: JVNDB-2018-008159 // CNNVD: CNNVD-201807-1692 // NVD: CVE-2018-1470

CREDITS

IBM

Trust: 0.3

sources: BID: 104885

SOURCES

db:	VULHUB	id:	VHN-124885
db:	VULMON	id:	CVE-2018-1470
db:	BID	id:	104885
db:	JVNDB	id:	JVNDB-2018-008159
db:	CNNVD	id:	CNNVD-201807-1692
db:	NVD	id:	CVE-2018-1470

LAST UPDATE DATE

2024-11-23T22:34:14.875000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-124885	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-1470	date:	2019-10-09T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008159	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1692	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-1470	date:	2024-11-21T03:59:53.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-124885	date:	2018-07-20T00:00:00
db:	VULMON	id:	CVE-2018-1470	date:	2018-07-20T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008159	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1692	date:	2018-07-23T00:00:00
db:	NVD	id:	CVE-2018-1470	date:	2018-07-20T16:29:00.573