CVE-2021-20473

Summary

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.

Affected Software

VendorProductVersion RangeStatus
IBMSterling File Gateway2.2.0.0affected
IBMSterling File Gateway6.0.0.0affected
IBMSterling File Gateway5.2.6.5_3affected
IBMSterling File Gateway6.0.3.4affected
IBMSterling File Gateway6.1.0.0affected
IBMSterling File Gateway6.1.0.1affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References