CVE-2017-1326

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.

Published: Jun 22, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-1326
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
ibm / sterling_b2b_integrator	5.2	5.2.x

http://www.ibm.com/support/docview.wss?uid=swg22004274
http://www.securityfocus.com/bid/99183
https://exchange.xforce.ibmcloud.com/vulnerabilities/126060

Vulnerability Database

289,784

CVE-2017-1326