Remote Access Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6025
5.9MEDIUM
Summary
A vulnerability exists in IBM Sterling Secure Proxy that allows remote attackers to exploit unattended workstations. By leveraging specific conditions, an attacker can conduct a post-logoff session-reuse attack via a modified URL, potentially granting them access to sensitive information without proper authorization. This situation arises in versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1, underscoring the need for timely updates and vigilant security practices.
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved