Details of VAR-202011-1406

ID

VAR-202011-1406

CVE

CVE-2020-4763

TITLE

IBM Sterling File Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013272

DESCRIPTION

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. Vendor exploits this vulnerability IBM X-Force ID: 188897 Is published as.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-4763 // JVNDB: JVNDB-2020-013272 // VULHUB: VHN-182888

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.0.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	6.0.3.2	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6.5	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	6.0.0.0 to 6.0.3.2	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0.0 to 2.2.6.5	Trust: 0.8

sources: JVNDB: JVNDB-2020-013272 // NVD: CVE-2020-4763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4763
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4763
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-4763
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1388
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-182888
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-4763
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-182888
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

psirt@us.ibm.com:	CVE-2020-4763
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-4763
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-182888 // JVNDB: JVNDB-2020-013272 // CNNVD: CNNVD-202011-1388 // NVD: CVE-2020-4763 // NVD: CVE-2020-4763

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013272 // NVD: CVE-2020-4763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1388

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1388

PATCH

title:	6368025 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6368025	Trust: 0.8
title:	IBM Sterling File Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133966	Trust: 0.6

sources: JVNDB: JVNDB-2020-013272 // CNNVD: CNNVD-202011-1388

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4763	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013272	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-1388	Trust: 0.7
db:	CNVD	id:	CNVD-2020-63969	Trust: 0.1
db:	VULHUB	id:	VHN-182888	Trust: 0.1

sources: VULHUB: VHN-182888 // JVNDB: JVNDB-2020-013272 // CNNVD: CNNVD-202011-1388 // NVD: CVE-2020-4763

REFERENCES

url:	https://www.ibm.com/support/pages/node/6368025	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/188897	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-4763	Trust: 1.4
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4763/	Trust: 0.6

sources: VULHUB: VHN-182888 // JVNDB: JVNDB-2020-013272 // CNNVD: CNNVD-202011-1388 // NVD: CVE-2020-4763

SOURCES

db:	VULHUB	id:	VHN-182888
db:	JVNDB	id:	JVNDB-2020-013272
db:	CNNVD	id:	CNNVD-202011-1388
db:	NVD	id:	CVE-2020-4763

LAST UPDATE DATE

2024-11-23T22:05:19.348000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-182888	date:	2020-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-013272	date:	2021-06-22T07:24:00
db:	CNNVD	id:	CNNVD-202011-1388	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-4763	date:	2024-11-21T05:33:13

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-182888	date:	2020-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-013272	date:	2021-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202011-1388	date:	2020-11-13T00:00:00
db:	NVD	id:	CVE-2020-4763	date:	2020-11-16T17:15:14.237