
Rewterz Threat Advisory – IBM Sterling File Gateway Information Disclosure

Severity

Medium

Analysis Summary

IBM Sterling File Gateway does not set the Secure attribute on authorization tokens or session cookies. An attacker may be able to obtain the cookie values by sending an http:// link to a user or by planting such a link on a site the user visits. The browser sends the cookie with the request to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.

Impact

Information disclosure

Affected Vendors

IBM

Affected Products

  • IBM Sterling File Gateway 2.2.0.0
  • IBM Sterling File Gateway 6.0.3.2
  • IBM Sterling File Gateway 2.2.6.5
  • IBM Sterling File Gateway 6.0.0.0

Remediation

Refer to IBM Security Bulletin 6368025 for patch, upgrade or suggested workaround information.

IBM Security Bulletin 6368025 (Sterling File Gateway)