ID

VAR-202110-0073


CVE

CVE-2021-20473


TITLE

Session expiration vulnerability in IBM Sterling File Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2021-014121

DESCRIPTION

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. The vendor has published this vulnerability as IBM X-Force ID: 196944. Information may be obtained and tampered with.

Trust: 1.8

sources: NVD: CVE-2021-20473 // JVNDB: JVNDB-2021-014121 // VULHUB: VHN-378149 // VULMON: CVE-2021-20473

AFFECTED PRODUCTS

vendor: ibm // model: sterling file gateway // scope: lte // version: 6.0.3.4

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: lte // version: 6.1.0.1

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: gte // version: 2.2.0.0

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: lte // version: 5.2.6.5_3

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: gte // version: 6.0.0.0

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: gte // version: 6.1.0.0

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.2.0.0 to 6.1.1.0

Trust: 0.8

vendor: ibm // model: sterling file gateway // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014121 // NVD: CVE-2021-20473

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-20473
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20473
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-20473
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-364
value: MEDIUM

Trust: 0.6

VULHUB: VHN-378149
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-20473
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-20473
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-378149
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-20473
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@us.ibm.com: CVE-2021-20473
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2021-20473
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-378149 // VULMON: CVE-2021-20473 // JVNDB: JVNDB-2021-014121 // CNNVD: CNNVD-202110-364 // NVD: CVE-2021-20473 // NVD: CVE-2021-20473

PROBLEMTYPE DATA

problemtype: CWE-613

Trust: 1.1

problemtype: Insufficient session expiration (CWE-613) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-378149 // JVNDB: JVNDB-2021-014121 // NVD: CVE-2021-20473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-364

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-364

PATCH

title: 6496785 IBM X-Force Exchange // url: https://www.ibm.com/support/pages/node/6496785

Trust: 0.8

title: IBM Sterling File Gateway Fixes for code issue vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166006

Trust: 0.6

sources: JVNDB: JVNDB-2021-014121 // CNNVD: CNNVD-202110-364

EXTERNAL IDS

db: NVD // id: CVE-2021-20473

Trust: 3.4

db: JVNDB // id: JVNDB-2021-014121

Trust: 0.8

db: CNNVD // id: CNNVD-202110-364

Trust: 0.6

db: VULHUB // id: VHN-378149

Trust: 0.1

db: VULMON // id: CVE-2021-20473

Trust: 0.1

sources: VULHUB: VHN-378149 // VULMON: CVE-2021-20473 // JVNDB: JVNDB-2021-014121 // CNNVD: CNNVD-202110-364 // NVD: CVE-2021-20473

REFERENCES

url:https://www.ibm.com/support/pages/node/6496785

Trust: 2.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196944

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-20473

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/613.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-378149 // VULMON: CVE-2021-20473 // JVNDB: JVNDB-2021-014121 // CNNVD: CNNVD-202110-364 // NVD: CVE-2021-20473

SOURCES

db: VULHUB // id: VHN-378149
db: VULMON // id: CVE-2021-20473
db: JVNDB // id: JVNDB-2021-014121
db: CNNVD // id: CNNVD-202110-364
db: NVD // id: CVE-2021-20473

LAST UPDATE DATE

2024-08-14T14:31:37.365000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-378149 // date: 2021-10-16T00:00:00
db: VULMON // id: CVE-2021-20473 // date: 2021-10-16T00:00:00
db: JVNDB // id: JVNDB-2021-014121 // date: 2022-10-05T05:03:00
db: CNNVD // id: CNNVD-202110-364 // date: 2021-10-18T00:00:00
db: NVD // id: CVE-2021-20473 // date: 2021-10-16T00:19:44.733

SOURCES RELEASE DATE

db: VULHUB // id: VHN-378149 // date: 2021-10-07T00:00:00
db: VULMON // id: CVE-2021-20473 // date: 2021-10-07T00:00:00
db: JVNDB // id: JVNDB-2021-014121 // date: 2022-10-05T00:00:00
db: CNNVD // id: CNNVD-202110-364 // date: 2021-10-06T00:00:00
db: NVD // id: CVE-2021-20473 // date: 2021-10-07T18:15:07.977