CVE-2020-4665

Name of the Vulnerable Software and Affected Versions IBM Sterling File Gateway versions 2.2.0.0 through 2.2.6.5 IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.2

Description The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers can exploit this by sending a http:// link to a user or by planting this link in a site the user visits, allowing them to obtain the cookie value by snooping the traffic.

Recommendations For IBM Sterling File Gateway versions 2.2.0.0 through 2.2.6.5, update to a version that sets the secure attribute on authorization tokens or session cookies. For IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.2, update to a version that sets the secure attribute on authorization tokens or session cookies. As a temporary workaround, consider restricting access to sensitive resources that use the affected authorization tokens or session cookies until a patch is available.