CVE-2021-20552
First published: Thu Oct 07 2021(Updated: )
IBM Sterling File Gateway could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling File Gateway | <=6.0.1.0 - 6.1.0.2 | |
| IBM Sterling File Gateway | >=6.0.1.0<=6.1.0.2 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-20552.
What is the severity level of CVE-2021-20552?
The severity level of CVE-2021-20552 is medium.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by obtaining sensitive information through a detailed technical error message returned in the browser.
What can an attacker do with the obtained sensitive information?
An attacker can potentially use the sensitive information obtained to launch further attacks against the system.
How can I patch/update IBM Sterling File Gateway to fix CVE-2021-20552?
You can patch/update IBM Sterling File Gateway by applying the recommended fix available at the following URL: <URL>
- collector/ibm-support
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/ibm
- canonical/ibm sterling file gateway
- version/ibm sterling file gateway/6.0.1.0 - 6.1.0.2
- version/ibm sterling file gateway/6.0.1.0
- version/ibm sterling file gateway/6.1.0.2
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows