Directory Traversal Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6023

7.5HIGH

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 6 October 2016

Summary

A directory traversal vulnerability exists in IBM Sterling Secure Proxy versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1. This flaw allows remote attackers to exploit the system via specially crafted URLs, potentially leading to unauthorized reading of arbitrary files on the server. Effective measures must be taken to mitigate this security risk and safeguard sensitive data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21991278

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93347

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 29, 2016