Details of VAR-202011-1433

ID

VAR-202011-1433

CVE

CVE-2020-4665

TITLE

IBM Sterling File Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013266

DESCRIPTION

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. Vendor exploits this vulnerability IBM X-Force ID: 186280 Is published as.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-4665 // JVNDB: JVNDB-2020-013266 // VULHUB: VHN-182790

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	6.0.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	6.0.3.2	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6.5	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0.0 to 2.2.6.5	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	6.0.0.0 to 6.0.3.2	Trust: 0.8

sources: JVNDB: JVNDB-2020-013266 // NVD: CVE-2020-4665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4665
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4665
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-4665
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1389
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-182790
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-4665
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-182790
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

psirt@us.ibm.com:	CVE-2020-4665
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-4665
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-182790 // JVNDB: JVNDB-2020-013266 // CNNVD: CNNVD-202011-1389 // NVD: CVE-2020-4665 // NVD: CVE-2020-4665

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013266 // NVD: CVE-2020-4665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1389

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1389

PATCH

title:	6367997 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6367997	Trust: 0.8
title:	IBM Sterling File Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133967	Trust: 0.6

sources: JVNDB: JVNDB-2020-013266 // CNNVD: CNNVD-202011-1389

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4665	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013266	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-1389	Trust: 0.7
db:	CNVD	id:	CNVD-2020-65144	Trust: 0.1
db:	VULHUB	id:	VHN-182790	Trust: 0.1

sources: VULHUB: VHN-182790 // JVNDB: JVNDB-2020-013266 // CNNVD: CNNVD-202011-1389 // NVD: CVE-2020-4665

REFERENCES

url:	https://www.ibm.com/support/pages/node/6367997	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/186280	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-4665	Trust: 1.4
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cookie-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4665/	Trust: 0.6

sources: VULHUB: VHN-182790 // JVNDB: JVNDB-2020-013266 // CNNVD: CNNVD-202011-1389 // NVD: CVE-2020-4665

SOURCES

db:	VULHUB	id:	VHN-182790
db:	JVNDB	id:	JVNDB-2020-013266
db:	CNNVD	id:	CNNVD-202011-1389
db:	NVD	id:	CVE-2020-4665

LAST UPDATE DATE

2024-11-23T21:35:03.130000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-182790	date:	2020-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-013266	date:	2021-06-22T07:24:00
db:	CNNVD	id:	CNNVD-202011-1389	date:	2020-11-27T00:00:00
db:	NVD	id:	CVE-2020-4665	date:	2024-11-21T05:33:05.400

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-182790	date:	2020-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-013266	date:	2021-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202011-1389	date:	2020-11-13T00:00:00
db:	NVD	id:	CVE-2020-4665	date:	2020-11-16T17:15:13.737