Vulnerability Details : CVE-2017-1326
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows users to update data related to other users by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.
Products affected by CVE-2017-1326
- cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1326
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~34% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2017-1326
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2017-1326
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/126060
  IBM Sterling File Gateway security bypass CVE-2017-1326 Vulnerability Report (VDB Entry; Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=swg22004274
  IBM Security Bulletin: User permission vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1326) (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/99183
  IBM Sterling B2B Integrator CVE-2017-1326 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)