First published: Fri May 08 2020(Updated: )
IBM Sterling File Gateway could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Sterling File Gateway | <=6.0.0.0 - 6.0.3.1 | |
IBM Sterling File Gateway | <=2.2.0.0 - 2.2.6.5_1 | |
IBM Sterling File Gateway | >=2.2.0.0<=2.2.6.5_1 | |
IBM Sterling File Gateway | >=6.0.0.0<=6.0.3.1 | |
HP HP-UX | ||
IBM AIX | ||
IBM i | ||
Linux Linux kernel | ||
Microsoft Windows | ||
Oracle Solaris |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-4259 is medium with a severity value of 6.5.
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 allows an authenticated user to manipulate cookie information by removing or adding modules from the cookie.
Yes, there is a patch available for CVE-2020-4259. You can download the patch from the IBM Support website.
IBM Sterling File Gateway versions 2.2.0.0 through 2.2.6.5_1 and 6.0.0.0 through 6.0.3.1 are affected by CVE-2020-4259.
No, other operating systems such as HP-UX, IBM AIX, IBM i, Linux kernel, Microsoft Windows, and Oracle Solaris are not vulnerable to CVE-2020-4259.