CVE-2017-1326

EUVD-2017-10342
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
ibmsterling_b2b_integrator
5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22004274
http://www.securityfocus.com/bid/99183
https://exchange.xforce.ibmcloud.com/vulnerabilities/126060
http://www.ibm.com/support/docview.wss?uid=swg22004274
http://www.securityfocus.com/bid/99183
https://exchange.xforce.ibmcloud.com/vulnerabilities/126060