← back
CVE-2018-1563

CVE-2018-1563

CVSS 5.4 MEDIUMEPSS 2.8%
Vexday Risk Score
33Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.4EPSS 2.8%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
20 Jul 2018Published on NVD
13 Aug 2018Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967.
CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O
Affected products
IBM · Sterling File Gateway
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45190/unverifiedexploitdbwww.exploit-db.com/exploits/45190unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/142967https://www.exploit-db.com/exploits/45190/http://www.ibm.com/support/docview.wss?uid=ibm10717031http://www.securityfocus.com/bid/104910