CVE-2023-47159

4.3 MEDIUM

📋 TL;DR

IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 contain an information disclosure vulnerability where authenticated users can enumerate valid usernames by observing differences in system responses. This affects organizations using vulnerable versions of IBM's file transfer software.

💻 Affected Systems

Products:
  • IBM Sterling File Gateway
Versions: 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map all valid usernames, enabling targeted credential attacks and facilitating lateral movement within the organization.

🟠 Likely Case

Malicious insiders or compromised accounts could gather intelligence about user accounts for subsequent attacks.

🟢 If Mitigated

With proper authentication monitoring and account lockout policies, impact is limited to information disclosure without direct system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and involves observing differences in response timing or content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade to versions beyond affected ranges

Vendor Advisory: https://www.ibm.com/support/pages/node/7176083

Restart Required: Yes

Instructions:

1. Review IBM advisory
2. Apply recommended interim fix
3. Restart Sterling File Gateway services
4. Verify fix implementation

🔧 Temporary Workarounds

Access Restriction

all

Limit authenticated user access to minimum required functionality

Monitoring Enhancement

all

Implement enhanced logging for authentication attempts and user enumeration patterns

🧯 If You Can't Patch

  • Implement strict access controls and network segmentation
  • Deploy web application firewall rules to detect enumeration patterns

🔍 How to Verify

Check if Vulnerable:

Check IBM Sterling File Gateway version against affected ranges in vendor advisory

Check Version:

Check product documentation for version query command specific to your installation

Verify Fix Applied:

Verify version is updated beyond affected ranges and test for response consistency

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts with different usernames
  • Patterns of similar requests with varying usernames

Network Indicators:

  • Unusual authentication request patterns from single sources

SIEM Query:

source="sterling_gateway" AND (event_type="auth_failure" OR event_type="auth_attempt") | stats dc(username) AS distinct_usernames, count BY src_ip | where distinct_usernames > threshold
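
The log indicators above, as an added example that is not from IBM or this page's source: it flags a source that tries many distinct usernames inside a short window, and ignores both repeated failures for one account and attempts spread over hours. The log line format, the sample lines, the function name `find_enumeration` and the thresholds are assumptions; the field names follow the SIEM query.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; this line format is assumed, not the product's real log format.
SAMPLE_LOG = """\
2024-01-10T05:00:00 event_type=auth_failure src_ip=10.0.0.7 username=frank
2024-01-10T06:00:00 event_type=auth_failure src_ip=10.0.0.7 username=grace
2024-01-10T07:00:00 event_type=auth_failure src_ip=10.0.0.7 username=heidi
2024-01-10T08:00:00 event_type=auth_failure src_ip=10.0.0.7 username=ivan
2024-01-10T09:00:01 event_type=auth_failure src_ip=10.0.0.5 username=alice
2024-01-10T09:00:20 event_type=auth_failure src_ip=10.0.0.5 username=bob
2024-01-10T09:00:41 event_type=auth_attempt src_ip=10.0.0.5 username=carol
2024-01-10T09:01:02 event_type=auth_failure src_ip=10.0.0.5 username=dave
2024-01-10T09:01:30 event_type=auth_failure src_ip=10.0.0.5 username=erin
2024-01-10T09:02:00 event_type=auth_failure src_ip=10.0.0.9 username=bob
2024-01-10T09:02:10 event_type=auth_failure src_ip=10.0.0.9 username=bob
2024-01-10T09:02:20 event_type=auth_failure src_ip=10.0.0.9 username=bob
2024-01-10T10:00:00 event_type=auth_failure src_ip=10.0.0.7 username=judy
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event_type=(?P<event>\S+) src_ip=(?P<src>\S+) username=(?P<user>\S+)$"
)
WATCHED = {"auth_failure", "auth_attempt"}  # event types named in the SIEM query


def find_enumeration(log_text, max_users=4, window=timedelta(minutes=5)):
    """Return {src_ip: sorted usernames} for sources that touched more than
    max_users distinct usernames within any sliding window of the given length.
    Assumes each source's events appear in time order."""
    recent = defaultdict(deque)  # src_ip -> (timestamp, username) inside window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["event"] not in WATCHED:
            continue  # skip unparseable lines and unrelated event types
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) > max_users:
            flagged.setdefault(m["src"], set()).update(users)
    return {src: sorted(names) for src, names in flagged.items()}


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```
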
