CVE-2020-4259
MEDIUMIBM Sterling File Gateway 2.2.0.0-2.2.6.5_1 - Authenticated Privilege Escalation via Cookie Manipulation
Title source: llmDescription
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6208038
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/175638
Scores
CVSS v3
6.5
EPSS
0.0076
EPSS Percentile
50.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-276
Status
published
Products (1)
ibm/sterling_file_gateway
2.2.0.0 - 2.2.6.5_1
Published
May 14, 2020
Tracked Since
Feb 18, 2026