IBM
CVE-2024-47109
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.
AnalysisAI
IBM Sterling File Gateway 6.0.0.0 versions up to 6.1.2.6 is affected by insufficiently protected credentials (CVSS 5.3).
Technical ContextAI
This vulnerability (CWE-522: Insufficiently Protected Credentials) affects IBM Sterling File Gateway 6.0.0.0. IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.
Affected ProductsAI
Product: IBM Sterling File Gateway 6.0.0.0. Versions: up to 6.1.2.6.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today