{"containers":{"cna":{"affected":[{"product":"Sterling File Gateway","vendor":"IBM","versions":[{"status":"affected","version":"2.2.0.0"},{"status":"affected","version":"6.0.3.1"}]}],"datePublic":"2020-05-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","exploitCodeMaturity":"UNPROVEN","integrityImpact":"HIGH","privilegesRequired":"LOW","remediationLevel":"OFFICIAL_FIX","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":5.7,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/UI:N/S:U/C:N/PR:L/A:N/AC:L/I:H/RC:C/RL:O/E:U","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Bypass Security","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-05-14T15:50:39.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.ibm.com/support/pages/node/6208038"},{"name":"ibm-sterling-cve20204259-sec-bypass (175638)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/175638"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2020-05-13T00:00:00","ID":"CVE-2020-4259","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Sterling File Gateway","version":{"version_data":[{"version_value":"2.2.0.0"},{"version_value":"6.0.3.1"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638."}]},"impact":{"cvssv3":{"BM":{"A":"N","AC":"L","AV":"N","C":"N","I":"H","PR":"L","S":"U","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Bypass Security"}]}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6208038","refsource":"CONFIRM","title":"IBM Security Bulletin 6208038 (Sterling File Gateway)","url":"https://www.ibm.com/support/pages/node/6208038"},{"name":"ibm-sterling-cve20204259-sec-bypass (175638)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/175638"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:00:07.368Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.ibm.com/support/pages/node/6208038"},{"name":"ibm-sterling-cve20204259-sec-bypass (175638)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/175638"}]}]},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2020-4259","datePublished":"2020-05-14T15:50:39.915Z","dateReserved":"2019-12-30T00:00:00.000Z","dateUpdated":"2024-09-16T16:14:19.525Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}