CVE-2017-1326

Summary

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.

Affected Software

VendorProductVersion RangeStatus
IBMSterling B2B Integrator5.2affected
IBMSterling B2B Integrator5.2.1affected
IBMSterling B2B Integrator5.2.2affected
IBMSterling B2B Integrator5.2.3affected
IBMSterling B2B Integrator5.2.4affected
IBMSterling B2B Integrator5.2.5affected
IBMSterling B2B Integrator5.2.6affected

Weaknesses

  • Bypass Security

ADP Enrichment

CVE Program Container

Additional References

References