CVE-2021-20485
First published: Wed Sep 22 2021(Updated: )
IBM Sterling File Gateway could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling File Gateway | <=2.2.0.0 - 6.1.0.3 | |
| IBM Sterling File Gateway | >=2.2.0.0<=6.1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-20485.
What is the severity of CVE-2021-20485?
The severity of CVE-2021-20485 is medium, with a severity value of 4.3.
What is affected by CVE-2021-20485?
IBM Sterling File Gateway versions 2.2.0.0 through 6.1.0.3 are affected by CVE-2021-20485.
How can a remote attacker exploit CVE-2021-20485?
A remote attacker can exploit CVE-2021-20485 by obtaining sensitive information when a detailed technical error message is returned in the browser.
How can I fix CVE-2021-20485?
You can fix CVE-2021-20485 by applying the patch provided by IBM. More details can be found at: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all
- collector/ibm-support
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- vendor/ibm
- canonical/ibm sterling file gateway
- version/ibm sterling file gateway/2.2.0.0 - 6.1.0.3
- version/ibm sterling file gateway/2.2.0.0
- version/ibm sterling file gateway/6.1.0.3