PT-2025-1529 · IBM · IBM Sterling File Gateway

Published 2024-11-14 · Updated 2025-01-27 · CVE-2023-47159

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5
IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.1

Description

The issue is related to an observable discrepancy in request responses, which could allow an authenticated user to enumerate usernames. This discrepancy may enable a remote attacker to gain unauthorized access to protected information.

Recommendations

For versions 6.0.0.0 through 6.1.2.5, consider restricting access to sensitive information until a patch is available. For versions 6.2.0.0 through 6.2.0.1, avoid using the vulnerable functionality related to request responses until the issue is resolved. As a temporary workaround, consider disabling the functionality that allows username enumeration until a patch is available.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2025-01364
CVE-2023-47159

Affected Products

IBM Sterling File Gateway