CVE-2017-1326 Information

Description

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.ibm.com/support/docview.wss?uid=swg22004274 http://www.securityfocus.com/bid/99183 https://exchange.xforce.ibmcloud.com/vulnerabilities/126060

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3